Franck Martin wrote on 2013-07-31 23:06:
Why would they use a forged domain which is on a blacklist? I think they would tend to use a domain which is well known with good reputation. As well known domains are getting protected, then they have to move to use their own domain, which happens to appear on a blacklist...
agree with that, here I blacklist_from that have spf_pass and spamming sender, and also just spamming domain that is not dkim signed or get spf results, e.g. score on spf_none :)
Now as we move to IPv6, reputation will shift from an IP based type reputation, to a domain based type reputation. Unfortunately, SpamAssassin seems to be lacking some rules.
still missing dmarc spamassassin plugin, there is a dkim_reput but I don't see much help there, it could be bootstrapped if one has own dkim_reputation server and reporting based on opendkim
and it failed for me with http://www.dkim-reputation.org/, it might work, but would work better if more used it
Nevertheless, it does not matter, if it is the right or wrong direction, my question remains: how do I create such a rule?
rule for?