Hi,
On Sun, Apr 30, 2017 at 10:17 AM, David Jones <djo...@ena.com> wrote:
>>From: Alex <mysqlstud...@gmail.com>
>
>>I'm having a problem with bounce messages being tagged as spam. What
>>is the proper way to handle legitimate bounce messages these days? Is
>>it safe to bypass scanning DSN bounce messages and route them directly
>>with postfix?
>
> Sender reputation is key to proper spam detection including bounces. You
> could try out these rules with very low scores until you are comfortable with
> them then set your own scores:
>
> 99_senderscore.cf
> -------------------------
> ifplugin Mail::SpamAssassin::Plugin::DNSEval
>
> header __RCVD_IN_SENDERSCORE_90_100
> eval:check_rbl('senderscore90-lastexternal','score.senderscore.com.','^127\.0\.4\.(9[0-9]|100)$')
> meta RCVD_IN_SENDERSCORE_90_100 SPF_PASS &&
> __RCVD_IN_SENDERSCORE_90_100
> describe RCVD_IN_SENDERSCORE_90_100 Senderscore.org score of 90
> to 100
> score RCVD_IN_SENDERSCORE_90_100 -2.2
> tflags RCVD_IN_SENDERSCORE_90_100 net
I'm using senderscore, but doing it in postfix, where I can reject
messages outright. Perhaps I'll consider doing it in SA instead.
>
> 99_mailspike.cf
> -----------------------
> shortcircuit RCVD_IN_MSPIKE_H5 on
>
> score RCVD_IN_MSPIKE_H4 -3.2
...
I've actually done this, but backed off on the shortcircuit because
there were several instances where the email originated from a site
with a good reputation, but was clearly spam. I had enabled it, then
ignored it, and it was a big problem.
I think my take-away from this is that there's no way to avoid
processing bounce emails in the same way as all other emails?
Is ANY_BOUNCE_MESSAGE and BOUNCE_MESSAGE trustworthy? Are spammers
using multipart/report types with null return path?
