Every few months, someone suggests detecting phish by looking for a
different domain in the target vs display URL in HTML links.
Other suggestions have included testing for different domain in the
SMTP envelope Sender and the hostname of the sending IP.
Every time, the grizzled veterans
On Wed, 24 Feb 2010, Chip M. wrote:
Note that an IP-based exception must be made for Paypal (the From
domain is always different for user transactions).
I'd wager whitelist_auth is a better way to do that.
--
John Hardin KA7OHZhttp://www.impsec.org/~jhardin/