https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7702
RW <[email protected]> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |[email protected]

--- Comment #4 from RW <[email protected]> ---
The quoted received header was added by nb1.victas.uca.org.au, so the HELO is irrelevant as the regexes are testing for Microsoft's own formatting.

However, I don't think this code is worth maintaining. It provides two rules:

FORGED_HOTMAIL_RCVD2 which is a test for @hotmail.com addresses that are not relayed through Microsoft servers. Oddly this rule has an S/O that's substantially worse than __FROM_HOTMAIL_COM which just checks for a Hotmail address. Its modest scores have not been updated for almost 10 years when freemail spoofing was much more common. The scores predate even Hotmail's use of DKIM, let alone DMARC.

The other rule is FORGED_HOTMAIL_RCVD which checks for a forged Hotmail HELO. Hotmail doesn't really exist anymore, the legacy addresses are relayed over the outlook servers. Are there really still legitimate servers that use hotmail in the HELO? I haven't seen it for years. If not then simply checking the untrusted relays for

/helo=(?:\S+\.)?hotmail\.com\s/i

should be an all-round improvement on the existing perl rule. Note that the existing rule checks for \S*hotmail\.com, and so could FP on other domains.
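An added example, not part of the comment above and not SpamAssassin's own code: it runs the regex proposed in the comment next to a looser `\S*hotmail\.com` match over constructed relay entries, to show which HELO values only the loose form flags. The relay line layout (modelled on the `X-Spam-Relays-Untrusted` key=value style), the `helo=...\s` framing around the loose pattern, and all sample hostnames are assumptions.

```python
import re

# Pattern proposed in the comment, run against relay metadata.
PROPOSED = re.compile(r"helo=(?:\S+\.)?hotmail\.com\s", re.I)
# Stand-in for the looser \S*hotmail\.com match the comment mentions; the
# helo=...\s framing is an assumption added so both run on the same input.
LOOSE = re.compile(r"helo=\S*hotmail\.com\s", re.I)


def relay(helo, rdns="host.example.net"):
    """Constructed relay entry in the X-Spam-Relays-Untrusted key=value style."""
    return (f"[ ip=192.0.2.10 rdns={rdns} helo={helo} by=mx.example.org "
            "ident= envfrom= intl=0 id=ABC123 auth= msa=0 ]")


def compare(helo, rdns="host.example.net"):
    """Return (proposed_hit, loose_hit) for one HELO value."""
    line = relay(helo, rdns)
    return bool(PROPOSED.search(line)), bool(LOOSE.search(line))


def loose_only(helos):
    """HELO values that only the loose pattern flags, i.e. its extra matches."""
    return [h for h in helos if compare(h) == (False, True)]


# Constructed sample HELO strings, not taken from real traffic.
SAMPLES = [
    "hotmail.com",              # bare domain
    "MAIL.Hotmail.COM",         # subdomain, mixed case
    "nothotmail.com",           # different domain ending in "hotmail.com"
    "smtp.myhotmail.com",       # subdomain of a different domain
    "hotmail.com.example.net",  # hotmail.com used as a left-hand label
    "mail.example.org",         # unrelated host
]

if __name__ == "__main__":
    for h in SAMPLES:
        proposed, loose = compare(h)
        print(f"{h:26} proposed={proposed!s:5} loose={loose}")
    print("flagged only by the loose pattern:", loose_only(SAMPLES))
```

The optional `(?:\S+\.)?` group forces a label boundary before `hotmail.com`, and requiring the `helo=` prefix keeps an `rdns=` value from satisfying the match.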
