LuKreme wrote: > This gets back to the whole sender domain not matching the sender > mailserver. > > Does anyone have a set of rules for the various banks and paypal and > credit cards that scores them off the charts if they come from > somewhere else. > > I mean, I would feel comfortable scoring anything that claimed to > come from bankofamerica.com and did not come from there at +1000, > myself. Is there any surer spam sign?
This gets back to Dan McDonald's proposal from two days ago: > Subject: Rule to detect same address in sender and receiver > > I like the whitelist_from_spf function. I'd love a > blacklist_unless_spf function. I know I can write individual meta > rules for that, but this would be easier to maintain. > ... > blacklist_unless_auth @gmail.com > blacklist_unless_auth @yahoo.* I'd call it blacklist_from_unauth, but 6-of-1/half-a-dozen-of-the-other. Think of it as a sane SPF_FAIL/DKIM_FAIL mechanism to complement the whitelist_from_auth rule.
