I’ve started to get a lot of spam (phishing attempts) from Google Groups. Spammers seem to be creating bogus mailing lists and adding my address. Google are happy to allow this situation without any sort of email confirmation step it seems.
Full headers from an example are here. (I’ve replaced my email with ‘me@example.com’): https://pastebin.com/VKqLfbyZ
You can see the spammer uses a compromised email service to post the message to the list, so DKIM is passing. Bayesian learning hasn’t been very effective in flagging this sort of mail as yet.
My users don’t use Google Groups at all so I’m happy to flag all their mail as spam, but I don’t want to flag all of Gmail. The header “X-Google-Group-Id” could be used to identify any Groups email, but I’m struggling to find clear documentation on how I can configure Rspamd to identify a header like this and assign it a score.
Any advice or pointers to guides? The official Rspamd docs (https://www.rspamd.com/doc/configuration/) are very detailed but I need a simpler overview.
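One way to score mail carrying the header named in the post, as an added example that is not part of the original post: a custom Lua rule registered through Rspamd's `rspamd_config:register_symbol` API. The symbol name `LOCAL_GOOGLE_GROUPS`, the group `local`, the score of 6.0 and the file location are assumptions to adjust for your own installation.

```lua
-- Added example, not from the original post.
-- Assumed location: /etc/rspamd/rspamd.local.lua (depends on packaging/version).
-- LOCAL_GOOGLE_GROUPS, the 'local' group and the 6.0 score are placeholder
-- choices; pick a score relative to your own reject/add-header thresholds.

rspamd_config:register_symbol({
  name = 'LOCAL_GOOGLE_GROUPS',
  type = 'normal',
  score = 6.0,
  group = 'local',
  description = 'Message was distributed through Google Groups (X-Google-Group-Id present)',
  callback = function(task)
    -- get_header returns the decoded header value, or nil if it is absent
    local gid = task:get_header('X-Google-Group-Id')
    if not gid or gid == '' then
      -- Ordinary Gmail (non-Groups) mail lacks this header and is not scored
      return false
    end
    -- Fire the symbol with full weight and attach the group id as an option,
    -- so the log line and WebUI history show which group relayed the message.
    return true, 1.0, gid
  end,
})
```

After reloading Rspamd, a message with the header should show `LOCAL_GOOGLE_GROUPS(6.00)[<group id>]` in the symbol list; start with a lower score and watch the history before raising it to a level that changes the action.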