On 14 Feb 2015, at 16:00 , Dave Pooser <dave...@pooserville.com> wrote: > On 2/14/15 4:23 PM, "LuKreme" <krem...@kreme.com> wrote: > >> I wasn¹t suggesting you implement it on your machine. That said, I would >> very much like a list of hosts that pass whitelist_auth. > > whitelist_auth isn't a host-level check, it's an email address or > domain-level check. "If a message can be authenticated as being from this > email address, then accept it." Mine is a short list, almost exclusively > financial: > > blacklist_from *@wellsfargo.com > whitelist_auth *@wellsfargo.com > > blacklist_from *@chase.com > whitelist_auth *@chase.com > > blacklist_from *@bankofamerica.com > whitelist_auth *@bankofamerica.com > > blacklist_from *.aexp.com > whitelist_auth *.aexp.com > > blacklist_from *@americanexpress.com > blacklist_from *.americanexpress.com > whitelist_auth *@americanexpress.com > whitelist_auth *.americanexpress.com > > blacklist_from *@atmosenergy.com > whitelist_auth *@atmosenergy.com > > blacklist_from *@citibank.com > whitelist_auth *@citibank.com
Thanks for the list. > And Reindl is right that I'm assuming these senders won't suddenly decide > to quit sending authenticated email. Yes, I know he’s right, I just don’t really care. I’d rather stop the flood of scammer mails. I’m going to check on amazon, paypal, and apple as those are frequent phishing sources. Also, I do not delete received mail, regardless of how spammy it is (well, I do if it’s *my* mail and the spam score is over 10). It all gets delivered to the user where they are able to scan the Junk folder and recover any messages that were mistagged. > If they do, I'll notice it in my logs pretty quickly and get it resolved, but > I understand that for some mail admins that's a risk they can't take. Right. > For myself, Id rather reject barely-possibly-valid mail from those senders > than accept probable-phishing emails claiming to be from those senders; Yes, exactly. I will probably do something akin to what you did, with smaller numbers (like +5 and -10). -- No sense being pessimistic. It wouldn't work anyway.
