spamassassin-users mailing list archives

From Dominic Raferd <>
Subject Re: google and spam
Date Mon, 14 Dec 2020 12:12:26 GMT
On 14/12/2020 11:01, Iulian Stan wrote:
> Hi all,
> First of all I am writing this email from Yahoo because from my own
> domain it seems it's not working because I have DMARC setup and
> apparently something (maybe ezml) is messing up with the headers. If
> you have any idea to whom I should address this, I will be more than happy :)
> I am also receiving a lot of spam from Google (apparently always domain
> is and all spam is using Google Forms.
> For me the problem is solved (meaning that all of this spam is going
> to quarantine and Bayes is learning about those) but I was wondering if:
> 1) Since emails are coming from Google, how come Google is not doing
> anything?
> 2) Are those spam sent manually? It will be a nightmare for a spammer
> to do this but how come there is not any limitation coming from Google if
> spam are sent via mass-bulk programs/interfaces/etc?
> 3) I am using also a local (my own) RBL which is trained with IPs from
> spam. It is queried by SpamAssassin because I don't want to reject from
> MTA but use it in conjunction with other scores/rules. Now I have
> doubts that if I keep adding IPs from Google I will end up having all
> Google MTAs added and legit email might be hurt in the process. What
> do you think? Do you have insights about  this 
> Looking on RBL doesn't look too great and it seems from his domain
> there is spam which is actively sent.
> 4) I thought that maybe Google launched something similar with SendGrid
> but I don't find any reference about it and also the envelope-from are
> different; I didn't find a common denominator. A few examples:
> envelope-from 
> <>
> ...
> Above also a full example of an email:
> <>

To my surprise, you seem to be right. In my logs I have a number of 
these (but not a huge number) over the last year, they have almost all 
been blocked by SA (not using bayes) - but not blocked by earlier 
defences. I have received only a handful of such mails that have passed 
SA; now when I check them, all are definitely spam/phishing. The IPs all seem 
to be Google's (within CIDR I'm going to add a couple 
of points scoring to anything from
