>From: Alex <mysqlstud...@gmail.com>
>On Sun, Apr 30, 2017 at 10:17 AM, David Jones <djo...@ena.com> wrote:
>>>From: Alex <mysqlstud...@gmail.com>
>>
>>>I'm having a problem with bounce messages being tagged as spam. What
>>>is the proper way to handle legitimate bounce messages these days? Is
>>>it safe to bypass scanning DSN bounce messages and route them directly
>>>with postfix?
>>
>> Sender reputation is key to proper spam detection including bounces. You
>> could try out these rules with very low scores until you are comfortable with
>> them then set your own scores:
>>
>> 99_senderscore.cf
>I'm using senderscore, but doing it in postfix, where I can reject
>messages outright. Perhaps I'll consider doing it in SA instead.

You should do it in both. SA will have other rules based on content like bayes that Postfix is not able to do. Think of Postfix as level 1 filtering and SA as level 2. Some checks will overlap which is fine. Postfix with postscreen RBLs will be more about sender reputation and SA will be more about content. Trusted senders should be allowed to send some content as long as it's not malicious.

>>
>> 99_mailspike.cf
>> -----------------------
>> shortcircuit RCVD_IN_MSPIKE_H5 on
>>
>> score RCVD_IN_MSPIKE_H4 -3.2
>...
>I've actually done this, but backed off on the shortcircuit because
>there were several instances where the email originated from a site
>with a good reputation, but was clearly spam. I had enabled it, then
>ignored it, and it was a big problem.

I know the definition of spam is subjective and I don't want to start a storm on the list but I have defined spam as malicious email. There is a difference between unwanted email and spam. For me, if the sender has a reliable unsubscribe process that doesn't have a mailto: link or something that just harvests/verifies the recipient's email address, then I consider it ham. Unwanted email from a reputable sender hitting MSPIKE_H4 should have a valid opt-out link and therefore be allowed through to the recipient for them to unsubscribe if they no longer want it.

If you don't have a clear distinction between spam and unwanted email, then it's going to be very tough to get your mail filtering accurate. Two different senders can send nearly the identical email and one could be legit and the other be phishing. Spammers often spoof Paypal emails to get people to enter their creds which definitely should be spam and blocked. How would you allow the legit paypal.com email and block the spoofed one if you didn't base the scoring on sender reputation?
I have a huge list (thousands of entries) of whitelist_auth domains of senders which allows me to crank up the sensitivity of content checks and RBLs in SA and have very few complaints from customers.

Dave
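
Added example, not part of the original thread and not SpamAssassin's own code: a simplified Python model of how an authenticated whitelist such as whitelist_auth can separate the legitimate paypal.com message from the spoofed one in the reply above. The authserv-id `mx.example.net`, the sample messages and all function names are assumptions made for illustration.

```python
import fnmatch
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"   # assumption: authserv-id of our own MTA
WHITELIST_AUTH = ["*@paypal.com"]     # glob entries, as in whitelist_auth

def listed(addr):
    return any(fnmatch.fnmatchcase(addr.lower(), pat) for pat in WHITELIST_AUTH)

def passed_checks(msg):
    """Yield (method, properties) for each 'pass' result our own MTA recorded."""
    for hdr in msg.get_all("Authentication-Results", []):
        parts = [p.split() for p in str(hdr).split(";")]
        if not parts[0] or parts[0][0].lower() != TRUSTED_AUTHSERV:
            continue                  # stamped elsewhere, possibly by the sender
        for tokens in parts[1:]:
            kv = dict(t.split("=", 1) for t in tokens if "=" in t)
            for method in ("spf", "dkim"):
                if kv.get(method, "").lower() == "pass":
                    yield method, kv

def whitelisted(raw):
    """True only when a whitelisted address is backed by a passing check."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].lower()
    for method, kv in passed_checks(msg):
        # SPF vouches for the envelope sender; DKIM for the signing domain,
        # which must equal the author's domain to count here.
        if method == "spf" and listed(kv.get("smtp.mailfrom", "")):
            return True
        if (method == "dkim" and listed(author)
                and kv.get("header.d", "").lower() == author.rpartition("@")[2]):
            return True
    return False

# Constructed sample messages (not real mail).
LEGIT = ("Authentication-Results: mx.example.net; dkim=pass header.d=paypal.com;"
         " spf=pass smtp.mailfrom=bounce@paypal.com\n"
         "From: PayPal <service@paypal.com>\n\nbody\n")
SPOOF = ("Authentication-Results: mx.example.net; dkim=pass header.d=mailer.example.org;"
         " spf=pass smtp.mailfrom=x@mailer.example.org\n"
         "From: PayPal <service@paypal.com>\n\nbody\n")
FORGED = ("Authentication-Results: mx.paypal.com; dkim=pass header.d=paypal.com\n"
          "Authentication-Results: mx.example.net; dkim=fail header.d=paypal.com\n"
          "From: PayPal <service@paypal.com>\n\nbody\n")
```

Only `LEGIT` is whitelisted: `SPOOF` authenticates, but for a domain that is not the one in its From header, and `FORGED` carries a passing result that our own MTA did not write.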