: RE: [Declude.Virus] pay-pal phishing
One way you could do this is to use the following lines in a filter
#PAYPAL
REVDNS END ENDSWITH .paypal.com
MAILFROM 20 ENDSWITH @paypal.com
Also as far as I know the genuine paypal IP's are listed with BONDEDSENDER
David Barker
Director of Product
Cox [EMAIL PROTECTED]
To: declude.virus@declude.com
Sent: Friday, February 16, 2007 5:06 AM
Subject: Re: [Declude.Virus] pay-pal phishing
Isn't that basically what the spamdomains test does? Specifies what
domains
a mail server can be in that sends for a particular domain...
Darin
Message Sniffer does a pretty good job. You can also use the spamdomains
and SPF tests, though their SPF policy is only soft fail at the moment,
which Declude does not check.
Darin.
- Original Message -
From: Bob McGregor [EMAIL PROTECTED]
To: Declude-List Declude.Virus@declude.com
ClamAV catches a lot of them.
Original Message
From: Darin Cox [EMAIL PROTECTED]
Sent: Thursday, February 15, 2007 5:58 PM
To: declude.virus@declude.com
Subject: Re: [Declude.Virus] pay-pal phishing
Message Sniffer does a pretty good job. You can also use
One way you could do this is to use the following lines in a filter
#PAYPAL
REVDNS END ENDSWITH.paypal.com
MAILFROM20 ENDSWITH@paypal.com
Also as far as I know the genuine paypal IP's are listed with BONDEDSENDER
David Barker
Director of Product Management