Francis Russell wrote:
>> Even with the default DKIM scores, I am finding I am getting spam that is
>> DKIM_VERIFIED, causing the score to dip below zero and let the message
>> through, for example:
>>
>> http://micah.riseup.net/1
>
> that's spam relayed by a Debian list. definitely a different beast...

I interpret those headers as spam being sent to a Debian e-mail address,
then forwarded to a personal address.

That's what I meant. Maybe I use the term "relay" too "liberally"?
anyway, such spam is harder to stop unless you add the list relays to
your trusted_networks.

As for DKIM, surely it's a bad thing to give it any score? It's supposed
to be an authentication mechanism, not an anti-spam mechanism in itself.

same can be said for many other rules/methods. checking that a message
is well formed is not an anti-spam measure in itself. checking that a
message is not html-only is not an anti-spam measure in itself. but
these things are patterns that can help detect spam. No single approach
will detect all spam. SA is about using multiple patterns to detect spam.

The problem with all those emails is that the only sign that they're
spam is the content itself. 20_advance_fee.cf contains all the rules
that try to catch these types of messages. Your best bet is to try to
create some more variations on those, or as John said, the sought_fraud
ruleset as well.