Hi,
I have a number of rules that checks for the existence of legitimate
docusign links and general weirdness (like the lack of a legitimate To
address or to undisc-recips), but it doesn't work for this legitimate
docusign email:
https://pastebin.com/tZthJnb2
Somehow it's sending to helena@gmail.com when the real recip is
04098@example.com (it was forwarded for some reason), and the
envelope-from is also gmail - I'm assuming it was routed through gmail
for some reason. Why?
Is the lack of a proper To header even a reliable spam indicator
anymore for this?
This is just a mailing list email, not a document that needs to be
signed, but why would docusign make it more difficult to ensure the
delivery of their email?
Is it enough to allow this to pass based on the received header?
Received: from mail06.esign.docusign.com (mail06.esign.docusign.com.
[204.92.114.62])
Other ideas? I've already added a number of docusign addresses to the
welcomelist:
$ grep docusign whitelist.cf
whitelist_auth *@esign.docusign.com
whitelist_auth dse_na3@docusign.net
whitelist_auth docusign@esign.docusign.com
whitelist_auth dse@docusign.net
whitelist_auth dse_na2@docusign.net
whitelist_auth dse_na3@docusign.net
whitelist_auth dse@eumail.docusign.net
whitelist_auth casestatus@docusign.com
whitelist_auth noreply@docusign.com
whitelist_auth collections@docusign.com
I have a number of rules that checks for the existence of legitimate
docusign links and general weirdness (like the lack of a legitimate To
address or to undisc-recips), but it doesn't work for this legitimate
docusign email:
https://pastebin.com/tZthJnb2
Somehow it's sending to helena@gmail.com when the real recip is
04098@example.com (it was forwarded for some reason), and the
envelope-from is also gmail - I'm assuming it was routed through gmail
for some reason. Why?
Is the lack of a proper To header even a reliable spam indicator
anymore for this?
This is just a mailing list email, not a document that needs to be
signed, but why would docusign make it more difficult to ensure the
delivery of their email?
Is it enough to allow this to pass based on the received header?
Received: from mail06.esign.docusign.com (mail06.esign.docusign.com.
[204.92.114.62])
Other ideas? I've already added a number of docusign addresses to the
welcomelist:
$ grep docusign whitelist.cf
whitelist_auth *@esign.docusign.com
whitelist_auth dse_na3@docusign.net
whitelist_auth docusign@esign.docusign.com
whitelist_auth dse@docusign.net
whitelist_auth dse_na2@docusign.net
whitelist_auth dse_na3@docusign.net
whitelist_auth dse@eumail.docusign.net
whitelist_auth casestatus@docusign.com
whitelist_auth noreply@docusign.com
whitelist_auth collections@docusign.com