A couple of years ago I started making an extensive list of whitelist_auth and whitelist_from_rcvd (for those with broken SPF and no DKIM) which made my SA scoring very reliable. Before I did this, I was constantly reacting to new spam campaigns, which was a losing battle.
I noticed some patterns to legitimate senders that I won't disclose on this public mailing list. These senders were consistently scoring low and sometimes incorrectly hitting high BAYES_ rules. I put my findings into an SQL query that I run once a week to average out the SA score for the previous 7 days to find low scoring senders that hit DKIM_VALID_AU or SPF_PASS and meet a minimum number of hits. This allowed me to safely increase the numbers on the high end of the BAYES_ rules since trusted senders occasionally hit high BAYES_* rules with legitimate email with valid opt-out processing.

There are some default entries in the SA rules in 60_whitelist_*.cf:

    def_whitelist_from_spf *@ebay.com
    def_whitelist_from_spf *@walmart.com
    def_whitelist_from_dkim *@google.com

Could we build a tool like masscheck to help extend these entries for trusted senders that are known to maintain proper SPF, DKIM, DMARC with valid opt-out processing? I have noticed that other spam filtering tools like are doing this to push out trusted senders list like SA could with sa-update.

This is very similar to what I have done at the MTA level where I have set up postwhite to bypass RBL checks for major senders -- not necessarily trusted senders but they are very large mail providers that often get listed on less accurate secondary RBLs but you can't block them due to their size. Then I was able to add more RBLs to my postscreen list that would normally block some of those large providers, similar to increasing the high BAYES_ scores. This also improved mail filtering for those large mail providers since it went from reputation-based at the MTA to more content-based in SA.

It goes without saying that Yahoo is terrible. They don't maintain a good SPF record so postwhite is not able to help with them. I still have problems with Yahoo but when I get a report on this, I recommend the sender get a different address and abandon their Yahoo account.
Fortunately, Yahoo's recent security issues are making it less of a problem as people seem to be leaving them.

Thanks,
Dave
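
Added example, not part of the message above and not the poster's own query: one way to write the weekly report it describes (7-day average SA score per sender domain, counting only messages that hit DKIM_VALID_AU or SPF_PASS, with a minimum hit count). The maillog table, its columns, the thresholds and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Hypothetical log table: one row per scanned message, rules = comma-separated hits.
SCHEMA = "CREATE TABLE maillog (ts TEXT, from_addr TEXT, score REAL, rules TEXT)"

QUERY = """
SELECT lower(substr(from_addr, instr(from_addr, '@') + 1)) AS domain,
       COUNT(*) AS hits, ROUND(AVG(score), 2) AS avg_score
FROM maillog
WHERE ts > datetime(:now, '-7 days') AND ts <= :now
  -- exact rule-name match; instr avoids LIKE treating '_' as a wildcard
  AND (instr(',' || rules || ',', ',DKIM_VALID_AU,') > 0
       OR instr(',' || rules || ',', ',SPF_PASS,') > 0)
GROUP BY domain
HAVING COUNT(*) >= :min_hits AND AVG(score) <= :max_avg
ORDER BY avg_score, domain
"""

def candidates(conn, now, min_hits=3, max_avg=1.0):
    """Return (domain, hits, avg_score) for authenticated, low-scoring senders."""
    args = {"now": now, "min_hits": min_hits, "max_avg": max_avg}
    return conn.execute(QUERY, args).fetchall()

def as_config(rows):
    """Render candidates as whitelist_auth lines for manual review."""
    return [f"whitelist_auth *@{domain}" for domain, _hits, _avg in rows]

def sample_db():
    """Constructed sample data; every address and score is made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO maillog VALUES (?, ?, ?, ?)", [
        ("2017-03-02 09:00:00", "deals@news.example.com", -0.5, "DKIM_VALID_AU,SPF_PASS"),
        ("2017-03-04 09:00:00", "Deals@News.Example.com", 0.25, "SPF_PASS,HTML_MESSAGE"),
        ("2017-03-06 09:00:00", "deals@news.example.com", 1.75, "DKIM_VALID_AU,BAYES_99"),
        ("2017-03-03 10:00:00", "promo@shop.example.org", 4.0, "SPF_PASS,BAYES_99"),
        ("2017-03-05 10:00:00", "promo@shop.example.org", 5.5, "SPF_PASS,BAYES_99"),
        ("2017-03-07 10:00:00", "promo@shop.example.org", 6.0, "DKIM_VALID_AU,BAYES_99"),
        ("2017-03-03 11:00:00", "info@spoofed.example.net", 0.0, "SPF_SOFTFAIL"),
        ("2017-03-04 11:00:00", "info@spoofed.example.net", 0.0, "SPF_SOFTFAIL"),
        ("2017-03-05 11:00:00", "info@spoofed.example.net", 0.0, "DKIM_SIGNED"),
        ("2017-02-20 12:00:00", "hi@small.example.com", 0.0, "SPF_PASS"),  # outside window
        ("2017-03-05 12:00:00", "hi@small.example.com", 0.0, "SPF_PASS"),
        ("2017-03-06 12:00:00", "hi@small.example.com", 0.5, "SPF_PASS"),
    ])
    return conn

if __name__ == "__main__":
    for line in as_config(candidates(sample_db(), "2017-03-08 00:00:00")):
        print(line)
```

The output is a list of candidates to review by hand before adding any whitelist_auth entry; a low average score and passing SPF or DKIM only show that the mail is authenticated and has not looked spammy in the sampled week.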