Could you please share the IP address (better: relevant Received: header)? This seems like an error in our data.
-- Matthias, for the dnswl.org project On Sun, Aug 25, 2013 at 10:19 PM, Jason Haar <jason_h...@trimble.com> wrote: > Hi there > > I just received some spam - got a score below 0. The real surprise was > the -2 points it got from RCVD_IN_DNSWL_MED - a surprise because the > domain was yahoo.co.uk! > > I have no idea why DNSWL would ever give a negative score to any > FREEMAIL (I use the SA rulename there) server - all free mail services > will be prone to misuse > > So I'm thinking of trying to counteract that via > > meta UNDO_DNSWL_WHITELIST ( (RCVD_IN_DNSWL_MED) && > FREEMAIL_FROM) > describe UNDO_DNSWL_WHITELIST don't allow RCVD_IN_DNSWL_MED > to whitelist freemail > score UNDO_DNSWL_WHITELIST 2.0 > > > Anyone see anything fundamentally wrong with that? It seems so obvious, > I'm thinking I've overlooked something :-) > > -- > Cheers > > Jason Haar > Information Security Manager, Trimble Navigation Ltd. > Phone: +1 408 481 8171 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 >
