You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/06/09 18:29:54 UTC

[Bug 3493] New: RFE: new SPF-based whitelisting rules

http://bugzilla.spamassassin.org/show_bug.cgi?id=3493

           Summary: RFE: new SPF-based whitelisting rules
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Rules
        AssignedTo: spamassassin-dev@incubator.apache.org
        ReportedBy: jm@jmason.org


So some postings from Dan on the SPF list brings this to mind.

I suggest we identify some "known-good" sending domains, like ebay.com,
amazon.com, etc., where we can use rules like the following:

  header SPF_WHITELIST_DOMS From:addr =~ /\@(?:amazon\.com|ebay\.com|whatever)$/
  meta SPF_WHITELIST_FROM   (SPF_PASS && FROM_EQ_ENV_FROM && SPF_WHITELIST_DOMS)

In other words, give whitelist points to mails where:

  1. env-from is validated by SPF
  2. header "From:" matches env-from
  3. domain in question is *known* to be good

The domains in SPF_WHITELIST_DOMS could be very extensive; in fact, we could
probably do that better as an eval test/plugin with its own config items, a
la

spf-whitelist-domain   ebay.com amazon.com aol.com yahoo.com ...

sound useful?  AFAICS this will be reliable whitelisting even despite SPF
shortcomings.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.