Mark Martinec writes: > Having received a couple of messages faking to be from yahoo, > despite FORGED_YAHOO_RCVD and few other rules firing, the final > score was not high enough. Since Yahoo! is signing their > outgoing mail with DomainKeys, I came up with: > > header __L_FROM_YAHOO From:addr =~ /[EMAIL PROTECTED]/i > meta UNVERIFIED_YAHOO __L_FROM_YAHOO && !DK_VERIFIED > priority UNVERIFIED_YAHOO 500 > score UNVERIFIED_YAHOO 5.0 > > which seems to do its job. > > I had to experiment with priority - are there any guidelines fo this? > Is this a way to go? - any obvious improvements?
makes sense to me, although -- (a) Is "From:addr" rather than "EnvelopeFrom:addr" the right header to use? (b) are Y! signing all mail? I would have assumed some systems are not yet using DK. In 3.1.x, you have to set priority manually, unfortunately, to be higher than both of the subrules. in 3.2.x, it'll do that automatically for you. --j.
