Re: [Declude.JunkMail] blocking spam faked as coming from local a ddress ddress ddress ddress

[Matthew Bramble]

Bill, It's because it is very rare that you see spam faking your address, 0.1% from a recent test, and much more common that false positives will be created as was noted.  I was able to monitor this behavior because unfortunately the DYNAMIC filter catches but doesn't score intra-server domain E-mail, and I searched for this knowing they would all be in there.  In other words, filtering for from addresses faked to say they are from your own domain would have a false positive rate of around 75%, or at least that would be so on my server.  One prime example is that many of my customer's Web sites with forms will send the submission as if it came from the customer's own domain, and thus fail the test.  Lots of ecommerce is done this way.  It's a very bad idea in my opinion.  Maybe I'm missing something though??? Using SPAMDOMAINS to filter for local domains would also be just as problematic I would think.  You might not have issues based on the makeup of your customers and maybe not caring too much about gray area commercial stuff like greeting cards which might fail the filters.  No way would I start whitelisting stuff either based on something which would properly add points so rarely.  Are you not seeing the same very low incidence of this type of thing?  or is that unique to my own customer base? Matt Bill Landry wrote: ----- Original Message ----- From: Matthew Bramble I highly recommend not filtering the fake MAILFROM for your local domains. Why not? I don't actually do this, rather I use SPAMDOMAIN instead. But I don't see a problem doing it with MAILFROM in a filter file either. Bill