How can they fake the last received from header? That is put on by your mail server... received from x.x.x.x by mail.server.com...
They can't fake the last received from header and so you are matching the from domain with the last received from header... -----Original Message----- From: cami [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 9:47 AM To: [EMAIL PROTECTED] Subject: Re: Custom Rule Help > That's Exactly what I am saying. By looking at the received from line > instead of the message id, you already get the inaddr.arpa address, so check > for the From domain there and you have your self an domain spoofer check. There is nothing stopping spammers from adding fake legitimate recieved headers.. Cami
