Attachment blocking with spoofed addresses and DMARC

Benny Pedersen me at
Fri Apr 15 13:59:13 CEST 2016

On 2016-04-15 01:27, Quanah Gibson-Mount wrote:
> A customer who has set up DKIM + SPF notes a spammer tactic where they
> set the TO and FROM to be the same value.  I.e.,:
> To: user at
> From: user at
> With an attachment type that has been set up to be blocked.  Even
> though the message clearly fails DMARC and thus will be flagged as
> Junk in our setup (SA scores DMARC failure with a large negative
> score), the user ends up getting a notification for every one of these
> emails.  Is there any way to get Amavis to NOT send a notice to the
> user if the SA score is above the SPAM threshold?

why accept dmarc fail ?

i just reject it in opendmarc

but since you use amavisd it could possible be solved by create a new 
policybank for dkim fails, and set policy in that back for dkim fails, 
its long time since i used amavisd here so dont know much about it

if you want to make it with dmarc then amavisd need dmarc handling with 
it does not currently, but dkim is handled in amavisd

More information about the amavis-users mailing list