This is a discussion on Re: Checking for SPF & DKIM Checks - SpamAssassin ; Francis Russell wrote: > >> Even with the default DKIM scores, I finding I am getting spam that are > >> DKIM_VERIFIED causing the score to dip below zero and let the message > >> through, for example: > >> ...
Francis Russell wrote:
> >> Even with the default DKIM scores, I finding I am getting spam that are
> >> DKIM_VERIFIED causing the score to dip below zero and let the message
> >> through, for example:
> >> http://micah.riseup.net/1
> > that's spam relayed by a debian list. definitely a different beast...
> I interpret those headers as spam being sent to a Debian e-mail address,
> then forwarded to a personal address.
That's what I meant. Maybe I use the term "relay" too "liberally"?
anyway, such spam is harder to stop unless you add the list relays to
> As for DKIM, surely it's a bad thing to give it any score? It's supposed
> to be an authentication mechanism not an anti-spam mechanism in itself.
same can be said for many other rules/methods. checking that a message
is well formed is not an anti-spam measure in itself. checking that a
message is not html-only is not an anti-spam measure in itself. but
these things are patterns that can help detect spam. No single approach
will detect all spam. SA is about using multiple patterns to detect spam.
> The problem with all those emails is that the only sign that they're
> spam is the content itself. 20_advance_fee.cf contains all the rules
> that try to catch these types of messages. Your best bet is to try to
> create some more variations on those, or as John said, the sought_fraud
> ruleset as well.