From: RW <[email protected]> >On Sat, 6 May 2017 15:49:08 +0200 >Thore Boedecker wrote:
>> Over on my side, the receiving end of these emails, there is my >> spamassassin. SA discovers the DKIM signature and is able to validate >> this signature against the Yahoo server which is totally undesirable >> in my opinion. >SPF requires the mail to be sent out through designated hosts. A DKIM >pass for the correct domain means that the email passed through a host >with access to the signing key. DKIM provides better authorization than >SPF. RW is correct. This email did not go through a Google mail server. Looks like the sender is using a mail client to send through Yahoo with the intention to get someone to reply back to a gmail.com address. Does anyone think it would be beneficial to extend the FreeMail plugin to detect these headers having different sender and reply-to FREEMAIL domains? You need to properly train your Bayes since this email hit BAYES_00. This email was BCC'd which is another clue of spam in conjunction with the FREEMAIL hits. I bump up these FREEMAIL scores based on the masscheck results I saw in the past: score FREEMAIL_FROM 1.2 score FREEMAIL_REPLYTO 4.2 score FREEMAIL_REPLYTO_END_DIGIT 1.2 Disclaimer: Adjust these scores to your liking as I have an SA block at 6.0. Dave
