----- Original Message -----
From: "Dan Bullock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, February 21, 2004 10:29 AM
Subject: Re: Permitting email only from designated domain server

>
> I suppose I could give anything from an ebay mail server +50 points and
> score anything from an [EMAIL PROTECTED] email address with say 25 points. I
> think that would have the effect I'm looking for. ?
>
> Dan
>
> Matthias Fuhrmann wrote:
>
> >On Sat, 21 Feb 2004, Dan Bullock wrote:
> >
> >>My explanation wasn't very good. My intent is to be able to score those
> >>phishing emails that pretend to be ebay emails and ask for their ebay
> >>login etc.
> >>
> >>All ebay emails should come from an ebay email server. So I want to
> >>score any email that claims to be from ebay and does not originate from
> >>an ebay email server.
> >>
> >>Does that explain my intent a bit better?
> >
> >yes, it does. but SPF (Sender Policy Framework) isn't yet available within
> >SA. so i don't have a clue how to get those pseudo ebay spammers.
> >maybe you can use trusted_network on those ebay mx servers, preventing
> >extra points from these DNS blacklist requests.
> >
> >sorry, not much...
> >
> >regards,
> >Matthias

Try a meta rule - there's lots of help on the rules wiki for the format.
Basically:

    header   __NO_EBAY_SERVER   blah, blah
    header   __EBAY_ADDR        blah, blah
    meta     EBAY_PHISH         __EBAY_ADDR && __NO_EBAY_SERVER
    describe blah, blah
    score    blah, blah
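The two-condition check the meta rule above describes, written out as an added example in Python rather than SpamAssassin rule syntax; it is not code from the thread or from SpamAssassin. It assumes Postfix-style Received lines and a boundary MTA named mx.example.net, and every host name and address in the sample messages is constructed. Only the trace line written by the receiving site's own MTA is consulted, because the sender controls every Received line below it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "ebay.com"          # domain whose mail must arrive from its own servers
OUR_MX = "mx.example.net"   # assumed name of the receiving site's boundary MTA

# Assumed Postfix-style trace line: from HELO (RDNS [IP]) by HOST ...
RECEIVED = re.compile(r"from\s+\S+\s+\((\S+)\s+\[[0-9A-Fa-f.:]+\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def claims_brand(msg):
    """The __EBAY_ADDR half: the From address is in the brand's domain."""
    addr = parseaddr(msg.get("From", ""))[1]
    return in_domain(addr.rpartition("@")[2], BRAND)

def no_brand_server(msg):
    """The __NO_EBAY_SERVER half: the host that connected to our MX is not the brand's."""
    for hdr in msg.get_all("Received", []):
        m = RECEIVED.search(" ".join(hdr.split()))   # undo header folding
        if m and m.group(2).lower() == OUR_MX:
            return not in_domain(m.group(1), BRAND)
    return True   # no trace line from our own MX: cannot vouch for the sender

def ebay_phish(raw):
    msg = message_from_string(raw)
    return claims_brand(msg) and no_brand_server(msg)

def sample(from_addr, *hops):
    """Build a constructed message; hops are (client_host, receiving_host), newest first."""
    lines = ["Received: from %s (%s [192.0.2.1])\n\tby %s with ESMTP" % (c, c, b)
             for c, b in hops]
    return "\n".join(lines + ["From: " + from_addr, "Subject: Account notice", "", "body"])

# Constructed samples: genuine delivery, a forged lower Received line, unrelated mail.
GENUINE = sample("eBay <member@ebay.com>", ("mxout.ebay.com", OUR_MX))
FORGED = sample("eBay <support@ebay.com>", ("dsl7.example.org", OUR_MX),
                ("mail.ebay.com", "dsl7.example.org"))
UNRELATED = sample("Bob <bob@example.org>", ("dsl7.example.org", OUR_MX))

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("forged", FORGED), ("unrelated", UNRELATED)]:
        print(name, ebay_phish(raw))
```
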
