Todd, in addition to checking for your own IP address in the inbound mail HELO, another handy "anti-spoofing" test is to check for your own mailhost.

HEADERS 20 CONTAINS Received: from yourmailhost.yourdomain.com

because, hey, your mailserver is receiving this message, so it won't be the one sending it, right? This works great unless you have some weird looping, or you use the same hostname on multiple inbound hops.

For example, I have one inbound mailhost which is mail.bentall.com and I never see any valid mail from somewhere else that identifies itself as my sender. It's been a great rule with zero false positives in over a year.

Andrew
8)
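
The rule above as a stand-alone check, added here as an example that is not part of the original post and is not Declude code: it reads the from clause of each Received header and flags a message in which a sender claims to be your own mailhost. The host mail.example.com, the sample messages and the internal_hops parameter are constructed for illustration; internal_hops covers the "same hostname on multiple inbound hops" caveat.

```python
import re
from email import message_from_string

# Leading "from <host>" clause of a Received trace header.
FROM_CLAUSE = re.compile(r"^from\s+([^\s;()]+)", re.IGNORECASE)

def claimed_senders(raw_message):
    """Host named in each Received header's from clause, newest hop first."""
    msg = message_from_string(raw_message)
    hosts = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())  # collapse folded continuation lines
        m = FROM_CLAUSE.match(unfolded)
        hosts.append(m.group(1).rstrip(".").lower() if m else None)
    return hosts

def own_host_spoofed(raw_message, own_hosts, internal_hops=0):
    """True if a hop outside our own relays claims to be one of own_hosts.

    internal_hops (assumed knob): how many of the newest Received headers were
    written by our own downstream relays and may legitimately name our host.
    """
    own = {h.rstrip(".").lower() for h in own_hosts}
    return any(h in own for h in claimed_senders(raw_message)[internal_hops:])

# Constructed sample messages (documentation addresses, not real traffic).
SPOOFED = (
    "Received: from MAIL.Example.COM. (unknown [203.0.113.7])\n"
    "\tby mail.example.com with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Subject: constructed spoof\n\nbody\n"
)
LEGIT = (
    "Received: from mx.sender.example (mx.sender.example [198.51.100.4])\n"
    "\tby mail.example.com with ESMTP; Mon, 1 Jan 2024 10:05:00 +0000\n"
    "Subject: constructed legit\n\nbody\n"
)
RELAYED = (  # gateway mail.example.com hands off to an inner mailbox server
    "Received: from mail.example.com (mail.example.com [192.0.2.10])\n"
    "\tby inner.example.com with ESMTP; Mon, 1 Jan 2024 10:05:02 +0000\n"
    + LEGIT
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LEGIT", LEGIT)):
        print(name, own_host_spoofed(raw, ["mail.example.com"]))
    print("RELAYED", own_host_spoofed(RELAYED, ["mail.example.com"], internal_hops=1))
```
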
- RE: [Declude.JunkMail] Fake IP Test Andy Schmidt
- RE: [Declude.JunkMail] Fake IP Test Kevin Bilbee
- Re: [Declude.JunkMail] Fake IP Test Rick Davidson
- Re: [Declude.JunkMail] Fake IP Test Todd
- RE: [Declude.JunkMail] Fake IP Test Goran Jovanovic
- RE: [Declude.JunkMail] Fake IP Test Goran Jovanovic
- Colbeck, Andrew