[prev in list] [next in list] [prev in thread] [next in thread]
List: spamassassin-users
Subject: Re: FORGED_YAHOO_RCVD still causing false positives
From: Dan Malm <dam () one ! com>
Date: 2017-09-18 8:28:44
Message-ID: 26ce6d18-5019-adbf-c5d3-356964d2f6d9 () one ! com
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
On 09/15/2017 02:26 PM, RW wrote:
> On Fri, 15 Sep 2017 11:50:25 +0100
> Sebastian Arcus wrote:
>
>> I see this has come up again and again. Since FORGED_YAHOO_RCVD seems
>> to work by checking the address of the Yahoo smtp server in the
>> headers against a predefined list of Yahoo servers in SA, and Yahoo
>> seems to add new servers all the time - which causes false positives,
>
> It's based on Yahoo received header formats, but they are liable to
> change.
>
>> is there much point to this check?
>
> The rule was created and scored when spoofing Yahoo was very common,
> but it isn't any more. I don't think it's worth keeping as it is - high
> maintenance and error prone.
>
Since yahoo has DMARC with p=reject, just validating DMARC and rejecting
when it tells you to should make the FORGED_YAHOO_RCVD rule redundant.
I've had the score for that rule set to 0 for quite some time.
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic