Hi Scott,

Could it be a new test that gives negative points if tested positive?
See the header below:

Received: from smtp2.us.dell.com [143.166.85.133] by mail.zcom.it with
ESMTP
  (SMTPD32-7.15) id AB43793010C; Thu, 19 Jun 2003 04:09:07 +0200
Received: from AUSSTOPROCESS02 (ausstoprocess02.us.dell.com
[143.166.99.227])
        by smtp2.us.dell.com (8.12.9/8.12.7) with SMTP id h5J29SUZ020820
        for <[EMAIL PROTECTED]>; Wed, 18 Jun 2003 21:09:29 -0500
Message-Id: <[EMAIL PROTECTED]>
From: "Dell's File Watch service" <[EMAIL PROTECTED]>


Isn't it an indicator for legit messages if both the sender domain and
all involved mailservers use the same 2nd-level-domain? In this case
"dell.com" is used in the sender address, the ehlo-strings and the
REVDNS-records.

But maybe this is already implemented somewhere (heuristic or so) ...?

Markus

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
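
The check proposed in the message above, sketched as an added example (not part of the original post and not Declude's code): it compares the From domain with the host names recorded in each Received "from" clause. Only the topmost Received line is written by the receiving server, so the result for that hop is reported separately from the lower, sender-supplied hops. Assumptions: the From address is a constructed stand-in for the redacted one, the FORGED sample is constructed, and org_domain() naively takes the last two labels where real use needs the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FQDN = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")

# Received lines follow the post above; the From address is a constructed
# stand-in because the archive redacted the real one.
LEGIT = """\
Received: from smtp2.us.dell.com [143.166.85.133] by mail.zcom.it with ESMTP
  (SMTPD32-7.15) id AB43793010C; Thu, 19 Jun 2003 04:09:07 +0200
Received: from AUSSTOPROCESS02 (ausstoprocess02.us.dell.com [143.166.99.227])
        by smtp2.us.dell.com (8.12.9/8.12.7) with SMTP id h5J29SUZ020820;
        Wed, 18 Jun 2003 21:09:29 -0500
From: "Dell's File Watch service" <redacted@dell.com>

"""

# Constructed: same From and inner hop, but the connecting host is unrelated.
FORGED = """\
Received: from mail.example.net [203.0.113.7] by mail.zcom.it with ESMTP
  id CONSTRUCTED1; Thu, 19 Jun 2003 04:09:07 +0200
Received: from AUSSTOPROCESS02 (ausstoprocess02.us.dell.com [143.166.99.227])
        by smtp2.us.dell.com with SMTP id CONSTRUCTED2;
        Wed, 18 Jun 2003 21:09:29 -0500
From: <redacted@dell.com>

"""

def org_domain(host):
    # Assumption: naive "last two labels" (wrong for suffixes such as co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def hop_domains(received):
    """Org domains of every FQDN in the 'from ...' clause of one Received value."""
    clause = re.split(r"\sby\s", " ".join(received.split()), maxsplit=1)[0]
    return {org_domain(h) for h in FQDN.findall(clause)}

def check_alignment(raw_headers):
    msg = message_from_string(raw_headers)
    sender = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    # A hop matches only if it names at least one FQDN and all share the From domain.
    hops = [hop_domains(h) == {sender} for h in msg.get_all("Received", [])]
    # hops[0] is the line our own server wrote; lower lines arrive with the mail.
    return {"sender": sender, "hops": hops, "edge_hop": bool(hops) and hops[0]}

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("forged", FORGED)):
        print(name, check_alignment(raw))
```

In the forged sample the inner hop still matches dell.com while the edge hop does not, which is why a positive result should rest on the edge hop (ideally with its reverse DNS confirmed by a forward lookup) rather than on the whole chain.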
