> Hi,
>
> We've been having a problem with phishing attacks by spoofing the
> MAILFROM and From address.

[snip]

> The message passes DKIM:
>
> -0.1 DKIM_VALID Message has at least one valid DKIM or DK
> signature
> 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
> necessarily valid
>
> DKIM-Signature: [snip]
> but running the message through spamassassin again with the whitelist
> entry doesn't actually whitelist the message.

I notice it doesn't hit DKIM_VALID_AU. Which basically is the thing you want to check, since it means the message is not just signed by a random domain, but by the domain of the author. So I assume the dkim whitelists check this too (against From and mailfrom?).

> Ideas greatly appreciated.
> Thanks,
> Alex
>
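
The difference the reply points at, between a message that carries some valid signature and one signed by the author's domain, shown as an added example that is not part of the original thread and is not SpamAssassin's code. It assumes every DKIM-Signature header present has already been verified cryptographically and treats only an exact match between the `d=` tag and a From domain as an author-domain signature; the function names and sample messages are constructed.

```python
import email
from email.utils import getaddresses

def dkim_tags(value):
    """Parse a DKIM-Signature tag list ("tag=value; ...") into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Whitespace and header folding inside a value are not significant.
            tags[name.strip()] = "".join(val.split())
    return tags

def author_domains(msg):
    """Lower-cased domains of every address in the From header."""
    addrs = getaddresses(msg.get_all("From", []))
    return {addr.rsplit("@", 1)[1].lower() for _, addr in addrs if "@" in addr}

def signing_domains(msg):
    """Lower-cased d= domains of all DKIM-Signature headers."""
    sigs = (dkim_tags(h) for h in msg.get_all("DKIM-Signature", []))
    return {t["d"].lower() for t in sigs if t.get("d")}

def classify(raw):
    """Assumes every signature present was already verified cryptographically."""
    msg = email.message_from_string(raw)
    signers = signing_domains(msg)
    if not signers:
        return "unsigned"
    return "author-domain" if signers & author_domains(msg) else "third-party"

# Constructed sample messages (reserved example domains, placeholder b= values).
SPOOFED = (
    'From: "Accounts" <accounts@example.com>\n'
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel1;\n"
    " h=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n"
    "Subject: Invoice\n\nbody\n"
)
LEGIT = SPOOFED.replace("d=example.net", "d=Example.COM")
UNSIGNED = "From: accounts@example.com\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("unsigned", UNSIGNED)):
        print(name, classify(raw))
```

A message in the "third-party" class can still carry a perfectly valid signature, which is why a signed-and-valid result alone says nothing about whether the From address was spoofed.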