On 09/15/2017 02:26 PM, RW wrote:
> On Fri, 15 Sep 2017 11:50:25 +0100
> Sebastian Arcus wrote:
>
>> I see this has come up again and again. Since FORGED_YAHOO_RCVD seems
>> to work by checking the address of the Yahoo smtp server in the
>> headers against a predefined list of Yahoo servers in SA, and Yahoo
>> seems to add new servers all the time - which causes false positives,
>
> It's based on Yahoo received header formats, but they are liable to
> change.
>
>> is there much point to this check?
>
> The rule was created and scored when spoofing Yahoo was very common,
> but it isn't any more. I don't think it's worth keeping as it is - high
> maintenance and error prone.
>

Since Yahoo has DMARC with p=reject, just validating DMARC and rejecting when it tells you to should make the FORGED_YAHOO_RCVD rule redundant. I've had the score for that rule set to 0 for quite some time.
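The DMARC check suggested in the reply above, as an added example that is not part of the original thread: a minimal evaluator that takes the From: domain, the published policy record and the SPF/DKIM results, and returns the disposition. The record string and all domains in the sample are constructed, the organizational-domain helper is a simplification, and the `sp=` and `pct=` tags are not handled.

```python
# Added example: DMARC evaluation (RFC 7489) reduced to policy parsing,
# identifier alignment and disposition. All sample values are constructed.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(domain):
    # Assumption: the last two labels form the organizational domain.
    # Production code must consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    f, a = from_domain.lower(), auth_domain.lower()
    return f == a if mode == "s" else org_domain(f) == org_domain(a)

def dmarc_disposition(from_domain, record, spf, dkim):
    """spf: (result, MAIL FROM domain); dkim: list of (result, d= domain).
    Returns 'pass', or the policy to apply: 'none', 'quarantine', 'reject'."""
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "none"  # no usable DMARC record: nothing to enforce
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1],
                                          policy.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(from_domain, dom,
                                            policy.get("adkim", "r"))
                  for res, dom in dkim)
    # DMARC passes when either mechanism passes AND aligns with From:.
    return "pass" if (spf_ok or dkim_ok) else policy.get("p", "none")

# Constructed record with the p=reject policy the thread mentions.
SAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:reports@example.invalid"

if __name__ == "__main__":
    # Spoofed From: yahoo.com, SPF passes only for the sender's own domain.
    print(dmarc_disposition("yahoo.com", SAMPLE_RECORD,
                            ("pass", "bulk.example.net"), []))
    # Genuine message: aligned DKIM signature, new relay IP is irrelevant.
    print(dmarc_disposition("yahoo.com", SAMPLE_RECORD,
                            ("fail", "yahoo.com"), [("pass", "yahoo.com")]))
```

The second case is the one that matters for the false positives discussed in this thread: the result depends on aligned SPF or DKIM, not on recognising the relay or its Received header format.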