|Main Archive Page > Month Archives > spamassassin-users archives|
On 12/15/2011 1:44 PM, John Hardin wrote:
> On Thu, 15 Dec 2011, agamemnus wrote:
>> One thing that would really help is to discard any emails where the "to"
>> doesn't match the "for" fields: 99% of my spam is like that. Can
>> anyone tell
>> me what the rule for this would be? Thanks!
> Sample headers would help.
> By "for" do you mean the envelope recipient address in the Received:
> header(s)? Those are not added by all MTAs, and _discarding_ (vs. just
> adding a point for) any mail where the envelope recipient address does
> not match the header To: address (what you seem to be suggesting)
> would prevent you from receiving legitimate blind carbon copies from
> Is that truly what you want?
They aren't bounces and I also told him the same thing off-list about BCC's.
From looking at one email, appears to be a good string of new spam we
might need to look at. Looks to forge Hotmail but also appears to be a
waste because there is no call to action in the spam.
Agamemnus, if you want to send some of the emails to me off-list as a
zipped mbox or something, feel free and I'll see if I can find any
patterns. Your to/for idea doesn't have merit because as discussed
that's how BCC's work.