On Wed, 28 Aug 2013, Michael Schaap wrote:

> Hi,
>
> I'm getting loads of fake LinkedIn invites, most of which aren't caught by SpamAssassin. Does anyone have a good SpamAssassin rule to catch those, while letting real LinkedIn invites through?

Do they fail SPF or DKIM?

If they do, and the legit ones pass SPF or DKIM, then the standard solution is to add a header rule to detect that the message claims to be from that domain (e.g. using the domain part of the From or Reply-To headers), and then either give that rule some points and also define whitelist_from_auth for the domain, or meta that rule with (SPF_FAIL || DKIM_FAIL) and give the meta some points.

There were some examples of doing this for Facebook within the last couple of weeks; check the list archives.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  WSJ on the Financial Stimulus package: "...today there are 700,000
  fewer jobs than [the administration] predicted we would have if we
  had done nothing at all."
-----------------------------------------------------------------------
 Today: Exercise Your Rights day
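
Added example, not part of the original message and not a rule set from the list archives: a local.cf sketch of both approaches described in the reply. The LOCAL_* rule names, the scores and the linkedin.com address patterns are assumptions to check against real invites; SPF_FAIL, DKIM_INVALID and DKIM_VALID_AU are stock SpamAssassin rules and need the SPF and DKIM plugins loaded.

```conf
# --- Detect mail that claims to come from the domain -------------------
# Sub-rules (double underscore) carry no score of their own.
# Domain pattern is an assumption; adjust to what real invites use.
header  __LOCAL_FROM_LINKEDIN     From:addr =~ /\@(?:[a-z0-9-]+\.)*linkedin\.com$/i
header  __LOCAL_REPLYTO_LINKEDIN  Reply-To:addr =~ /\@(?:[a-z0-9-]+\.)*linkedin\.com$/i
meta    __LOCAL_CLAIMS_LINKEDIN   (__LOCAL_FROM_LINKEDIN || __LOCAL_REPLYTO_LINKEDIN)

# Use ONE of the two options below, not both.

# --- Option A: score the claim, let authenticated mail offset it -------
# Every message claiming the domain gets points; mail that passes
# SPF or DKIM for these addresses is whitelisted and so still delivered.
meta      LOCAL_CLAIMS_LINKEDIN   __LOCAL_CLAIMS_LINKEDIN
describe  LOCAL_CLAIMS_LINKEDIN   From or Reply-To claims linkedin.com
score     LOCAL_CLAIMS_LINKEDIN   3.0
whitelist_from_auth  *@linkedin.com
whitelist_from_auth  *@*.linkedin.com

# --- Option B: score only when authentication fails --------------------
# Genuine mail is untouched; a forgery gets points only if SPF hard-fails
# or a DKIM signature is present but invalid.
meta      LOCAL_LINKEDIN_AUTH_FAIL  (__LOCAL_CLAIMS_LINKEDIN && (SPF_FAIL || DKIM_INVALID))
describe  LOCAL_LINKEDIN_AUTH_FAIL  Claims linkedin.com but fails SPF or DKIM
score     LOCAL_LINKEDIN_AUTH_FAIL  4.0

# Caveat: a forgery with no DKIM signature and a passing or neutral SPF
# result on its own envelope domain matches neither test in Option B.
# A stricter variant requires a valid author-domain signature instead:
#   meta  LOCAL_LINKEDIN_AUTH_FAIL  (__LOCAL_CLAIMS_LINKEDIN && !DKIM_VALID_AU)
# Use it only after confirming that all legitimate invites are signed.
```

Run spamassassin --lint after editing, then test with spamassassin -t on a saved genuine invite and a saved fake one to confirm which rules fire before settling on scores.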
