You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/06/09 18:29:54 UTC
[Bug 3493] New: RFE: new SPF-based whitelisting rules
http://bugzilla.spamassassin.org/show_bug.cgi?id=3493
Summary: RFE: new SPF-based whitelisting rules
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: spamassassin-dev@incubator.apache.org
ReportedBy: jm@jmason.org
So some postings from Dan on the SPF list brings this to mind.
I suggest we identify some "known-good" sending domains, like ebay.com,
amazon.com, etc., where we can use rules like the following:
header SPF_WHITELIST_DOMS From:addr =~ /\@(?:amazon\.com|ebay\.com|whatever)$/
meta SPF_WHITELIST_FROM (SPF_PASS && FROM_EQ_ENV_FROM && SPF_WHITELIST_DOMS)
In other words, give whitelist points to mails where:
1. env-from is validated by SPF
2. header "From:" matches env-from
3. domain in question is *known* to be good
The domains in SPF_WHITELIST_DOMS could be very extensive; in fact, we could
probably do that better as an eval test/plugin with its own config items, a
la
spf-whitelist-domain ebay.com amazon.com aol.com yahoo.com ...
sound useful? AFAICS this will be reliable whitelisting even despite SPF
shortcomings.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.