
List:       spamassassin-users
Subject:    Re: FORGED_YAHOO_RCVD still causing false positives
From:       Dan Malm <dam () one ! com>
Date:       2017-09-18 8:28:44
Message-ID: 26ce6d18-5019-adbf-c5d3-356964d2f6d9 () one ! com



On 09/15/2017 02:26 PM, RW wrote:
> On Fri, 15 Sep 2017 11:50:25 +0100
> Sebastian Arcus wrote:
> 
>> I see this has come up again and again. Since FORGED_YAHOO_RCVD seems
>> to work by checking the address of the Yahoo smtp server in the
>> headers against a predefined list of Yahoo servers in SA, and Yahoo
>> seems to add new servers all the time - which causes false positives,
> 
> It's based on Yahoo received header formats, but they are liable to
> change.
> 
>> is there much point to this check?
> 
> The rule was created and scored when spoofing Yahoo was very common,
> but it isn't any more. I don't think it's worth keeping as it is - high
> maintenance and error prone.
> 

Since Yahoo has DMARC with p=reject, just validating DMARC and rejecting
when it tells you to should make the FORGED_YAHOO_RCVD rule redundant.
I've had the score for that rule set to 0 for quite some time.
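
An added example, not part of the original message: a simplified DMARC decision in Python, showing that the verdict depends on aligned SPF/DKIM results rather than on Received header formats, so a new sending server does not cause a false positive. The function names, the sample record and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Simplified DMARC evaluation (after RFC 7489). Added example, not from the thread.
# Not handled here: pct sampling, DNS lookups, reporting.

# Constructed sample record; the thread only states that Yahoo publishes p=reject.
SAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:reports@example.invalid"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of lowercase tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real code must use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed (same org domain)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_disposition(from_domain, record, spf, dkim):
    """spf: (result, MAIL FROM domain); dkim: list of (result, d= domain).
    Returns 'pass', or the policy to apply: 'none', 'quarantine' or 'reject'."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(dom, from_domain, tags.get("adkim", "r"))
                  for res, dom in dkim)
    if spf_ok or dkim_ok:
        return "pass"
    policy = tags.get("p", "none")
    # A subdomain of the record's domain uses sp= when the record carries it.
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]
    return policy.lower()

if __name__ == "__main__":
    # Constructed results: forged From with unaligned SPF pass, then a DKIM-signed message.
    print(dmarc_disposition("yahoo.com", SAMPLE_RECORD, ("pass", "spammer.example"), []))
    print(dmarc_disposition("yahoo.com", SAMPLE_RECORD, ("none", ""), [("pass", "yahoo.com")]))
```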

