diff dnsbl.conf @ 330:b5b93a7e1e6d

ignore envelope-from based whitelisting if we have a dkim requirement for that domain
author Carl Byington <carl@five-ten-sg.com>
date Mon, 19 Dec 2016 12:05:06 -0800
parents 9f8411f3919c
children 9800776436b9
--- a/dnsbl.conf	Mon Dec 19 08:29:16 2016 -0800
+++ b/dnsbl.conf	Mon Dec 19 12:05:06 2016 -0800
@@ -54,14 +54,30 @@
 
     content on {
         dkim_signer {
-            sendgrid.me     black;
-            weather.com     white;
+            // we could add consumer facing domains like yahoo.com, aol.com, etc
+            // here, IF you really want to accept all the mail from such folks.
+            five-ten-sg.com         white;
+            some.spammer            black;      // reject if signed by them
         };
 
         dkim_from {
-            yahoo.com        require_signed   yahoo.com;
-            gmail.com        signed_white     gmail.com;
-            girlscoutsla.org signed_white     girlscoutsla.ccsend.com;
+            // cannot really add consumer facing domains like yahoo.com, aol.com, etc
+            // here, since such messages from humans might be sent via mailing lists
+            // that will break the dkim signature. But this works well for commonly
+            // forged bulk senders like ebay and paypal.
+            some.spammer                require_signed  some.spammer    // reject if not signed
+
+            billpay.bankofamerica.com   require_signed  billpay.bankofamerica.com;
+            ealerts.bankofamerica.com   require_signed  ealerts.bankofamerica.com;
+            ebay.com                    require_signed  ebay.com;
+            facebookmail.com            require_signed  facebookmail.com;
+            healthcare.gov              require_signed  healthcare.gov;
+            linkedin.com                require_signed  linkedin.com;
+            paypal.com                  require_signed  paypal.com;
+            service.capitalone.com      require_signed  capitalone.com;
+            support.facebook.com        require_signed  support.facebook.com;
+            ups.com                     require_signed  ups.com;
+            wellsfargo.com              require_signed  wellsfargo.com;
         };
         filter    sbl-xbl.spamhaus.org        "Mail containing %s rejected - sbl; see http://www.spamhaus.org/query/bl?ip=%s";
         uribl     multi.surbl.org             "Mail containing %s rejected - surbl; see http://www.surbl.org/surbl-analysis?d=%s";
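Review bot: The new `some.spammer require_signed some.spammer` entry in `dkim_from` has no terminating `;` before its trailing comment, unlike every other entry added in this hunk and unlike the matching `some.spammer black;` line in `dkim_signer`. How the parser reacts is not visible here, but it will presumably either reject the file or read the next entry's tokens as part of this one, which would matter because operators copy this sample as their starting configuration. The line should read `some.spammer                require_signed  some.spammer;   // reject if not signed`. The enclosing `content on {` block continues past the end of the hunk.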