spamassassin-users December 2011 archive

Re: Making a rule -- "to" not matching "for"

From: Kevin A. McGrail <KMcGrail_at_nospam>
Date: Thu Dec 15 2011 - 18:55:30 GMT
To: John Hardin <jhardin@impsec.org>

On 12/15/2011 1:44 PM, John Hardin wrote:
> On Thu, 15 Dec 2011, agamemnus wrote:
>
>> One thing that would really help is to discard any emails where the "to"
>> doesn't match the "for" fields: 99% of my spam is like that. Can anyone tell
>> me what the rule for this would be? Thanks!
>
> Sample headers would help.
>
> By "for" do you mean the envelope recipient address in the Received:
> header(s)? Those are not added by all MTAs, and _discarding_ (vs. just
> adding a point for) any mail where the envelope recipient address does
> not match the header To: address (what you seem to be suggesting)
> would prevent you from receiving legitimate blind carbon copies from
> anyone.
>
> Is that truly what you want?
>
They aren't bounces and I also told him the same thing off-list about BCC's.

From looking at one email, appears to be a good string of new spam we
might need to look at. Looks to forge Hotmail but also appears to be a
waste because there is no call to action in the spam.

Agamemnus, if you want to send some of the emails to me off-list as a
zipped mbox or something, feel free and I'll see if I can find any
patterns. Your to/for idea doesn't have merit because as discussed
that's how BCC's work.

Regards,
KAM
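
The to/for comparison discussed in this thread, as an added example that is not part of the original messages or of SpamAssassin: it extracts the `for` clause from `Received:` headers, compares it with `To:`/`Cc:`, and shows that a legitimate blind carbon copy produces the same mismatch, which is why the signal cannot justify discarding mail. The function names, regex and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# "for <addr>" clause that some (not all) MTAs record in Received: headers.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)

def envelope_recipients(msg):
    """Envelope recipient addresses found in Received: 'for' clauses."""
    hits = (FOR_CLAUSE.search(h) for h in msg.get_all("Received", []))
    return {m.group(1).lower() for m in hits if m}

def header_recipients(msg):
    """Addresses visible in the To: and Cc: headers."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def to_for_mismatch(raw):
    """True if a Received 'for' address is missing from To:/Cc:.
    False when they agree, or when no 'for' clause exists to compare."""
    msg = message_from_string(raw)
    return bool(envelope_recipients(msg) - header_recipients(msg))

def build(to, received):  # constructed sample messages, not real mail
    return (f"Received: {received}\nFrom: Bob <bob@example.com>\n"
            f"To: {to}\nSubject: test\n\nbody\n")

HOP = "from mail.example.com by mx.example.org with ESMTP id X1"
DATE = "; Thu, 15 Dec 2011 18:00:00 +0000"
DIRECT = build("Alice <alice@example.org>", HOP + "\n\tfor <alice@example.org>" + DATE)
# Legitimate blind copy: alice is the envelope recipient but is not in To:.
BLIND_COPY = build("carol@example.net", HOP + "\n\tfor <alice@example.org>" + DATE)
NO_FOR = build("carol@example.net", HOP + DATE)

if __name__ == "__main__":
    for name in ("DIRECT", "BLIND_COPY", "NO_FOR"):
        print(name, to_for_mismatch(globals()[name]))
```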