On 14.02.2015 at 10:40, LuKreme wrote:
On Feb 13, 2015, at 5:42 PM, Benny Pedersen <m...@junc.eu> wrote:

The problem with lists is that a spammer just creates a new free domain and spams 
with it, so be in front: list all as spam until it is known not to be.

In this specific case, the list is a list of known domains that will pass 
whitelist_auth, which means you can blacklist them and when they pass auth, 
they magically get through.

As Dave Pooser posted:
whitelist_auth *@bankofamerica.com
blacklist_from *@bankofamerica.com

I score blacklist_from at 80 points so an address that's both blacklisted and 
whitelisted will be effectively whitelisted, thanks to a net -20 score.

When BOA sends an email, it hits the blacklist and gets a score of +80, but if 
the mail passes whitelist_auth (meaning it’s really from BOA), then it gets a 
-100. So anyone who is not BOA ends up with a score of +80. It doesn’t matter 
how many random domains they create.

And when BOA makes a mistake in their DNS (a typo in the SPF, as happens way too often, ending in PERMERROR, which is *not* a reason for a reject), or other DNS issues are happening, you would block all legit mail.

In other words: you turn your mailserver into a gambling machine with such rules, as long as it's not for domains you maintain and can be sure that DNS works unconditionally (no internet and foreign ISP involved).



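The failure mode raised in the reply above, as an added example that is not part of the original thread: a simplified SPF syntax check (no DNS lookups, no IP matching, DKIM not modelled) feeding the +80/-100 scoring described in the thread. The record sets, the example.net name and the function names are constructed for illustration; 5.0 is SpamAssassin's default required_score.

```python
import re

BLACKLIST_SCORE = 80.0         # thread: blacklist_from scored at 80
WHITELIST_AUTH_SCORE = -100.0  # thread: a whitelist_auth hit is worth -100
REQUIRED_SCORE = 5.0           # SpamAssassin default required_score

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_ARG = {"include", "ip4", "ip6", "exists"}
TERM_RE = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9_.-]*)(?:([:/])(.*))?$")
MODIFIER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*=")

def spf_syntax(txt_records):
    """Classify a domain's TXT records as 'ok', 'none' or 'permerror'.
    Simplified check: record count and term names only, no DNS lookups."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return "none"
    if len(spf) > 1:                      # more than one SPF record published
        return "permerror"
    for term in spf[0].split()[1:]:
        if MODIFIER_RE.match(term):       # redirect=, exp=, unknown modifiers
            continue
        m = TERM_RE.match(term)
        if not m or m.group(1).lower() not in MECHANISMS:
            return "permerror"            # e.g. a misspelled mechanism
        if m.group(1).lower() in NEEDS_ARG and (m.group(2) != ":" or not m.group(3)):
            return "permerror"            # mechanism missing its argument
    return "ok"

def paired_rule_score(txt_records, from_authorised_host):
    """Score added by the blacklist_from + whitelist_auth pair for mail whose
    From: domain is on the list. Returns (spf_result, score, tagged_spam)."""
    syntax = spf_syntax(txt_records)
    if syntax == "ok":
        result = "pass" if from_authorised_host else "fail"
    else:
        result = syntax                   # 'permerror' or 'none'
    score = BLACKLIST_SCORE + (WHITELIST_AUTH_SCORE if result == "pass" else 0.0)
    return result, score, score >= REQUIRED_SCORE

# Constructed TXT record sets for a hypothetical listed domain.
GOOD = ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"]
TYPO = ["v=spf1 ipv4:192.0.2.0/24 -all"]  # 'ipv4' is not an SPF mechanism
DOUBLE = GOOD + ["v=spf1 mx -all"]

if __name__ == "__main__":
    for name, recs, genuine in [("genuine, good record", GOOD, True),
                                ("forged sender", GOOD, False),
                                ("genuine, typo in record", TYPO, True),
                                ("genuine, two records", DOUBLE, True)]:
        print(name, paired_rule_score(recs, genuine))
```

Genuine mail sent while the domain publishes the TYPO or DOUBLE record set scores the same +80 as the forged message, which is the outcome the reply objects to.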