You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Franck Martin <fm...@linkedin.com> on 2013/09/07 01:39:01 UTC

Re: Catching fake LinkedIn invites

May be to give some background and from there please apply what works best for you.

Linkedin do DMARC.org, this means all the emails sent from Linkedin infrastructure will pass SPF (be with the mailfrom or helo strings) and be DKIM signed. Furthermore the domain present in all the strings will be aligned. Beware, MTAs on the way may change some of these characteristics.

https://dmarcian.com/dmarc-inspector/linkedin.com
http://engineering.linkedin.com/email/dmarc-new-tool-detect-genuine-emails

There has been talk to do a DMARC like rule in spamassassin. I certainly would prefer people use the openDMARC milter, but I understand a spamassassin rule could be easier/faster to deploy.

http://sourceforge.net/projects/opendmarc/
http://www.trusteddomain.org/opendmarc.html

The above is my personal advice.