> -----Original Message-----
> From: Loren Wilton [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, March 03, 2004 8:10 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Custom Rule Help
>
> > There is nothing stopping spammers from adding fake legitimate received
> > headers..
>
> Sure. But as far as I know, received headers are always in reverse order
> from the top of the header. So the fake headers are always at the bottom.
> If you can validate the path from the top down to a legit ebay/paypal site,
> then it should be valid. If you hit a break in the middle of the chain (or
> find a dsl/comcast site) then anything under it is bogus.
>
> Offhand I can't think how to do this in SA, but it can be done with some
> work.
>
> Loren

You are correct. And that is exactly my thinking. And yes, currently this is not possible in SA. But at the very least we could come up with some basic rulesets for all the primarily spoofed domains, like AOL, hotmail, and so on to perform a received from check and assign a few points if they appear spoofed. I would think these would be fairly easy to work out and incorporate given a little research on proper mail received from those domains.

And here's hoping SA makes some changes to make it possible to extract the domain and then check for it in the correct header order...

james
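
The top-down Received check discussed in this thread, sketched in Python as an added example; it is not code from the original messages and not a SpamAssassin rule. The domains `example.org` (the receiving site) and `pay.example` (the claimed sender), the sample headers, and the sendmail/Postfix-style header layout are all assumptions.

```python
import re
from email import message_from_string

# Assumed sendmail/Postfix-style hop: "from HELO (RDNS [IP]) by HOST ...".
# RDNS is written by the receiving server; HELO is whatever the client claimed.
HOP = re.compile(r"from\s+\S+\s+\((?P<rdns>[\w.-]+)\s+\[[\d.]+\]\)\s+by\s+(?P<by>[\w.-]+)", re.I)

def in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def verify_chain(raw, local_domain, claimed_domain):
    """Walk Received headers top-down; return (verdict, hops we could verify)."""
    expected_by, verified = None, []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))      # unfold continuation lines
        # Only headers stamped by our own hosts, in an unbroken chain, count.
        if not m or not in_domain(m["by"], local_domain):
            break
        if expected_by and m["by"].lower() != expected_by:
            break
        verified.append((m["rdns"].lower(), m["by"].lower()))
        if in_domain(m["rdns"], claimed_domain):
            return "verified", verified              # handed to us by the claimed domain
        if not in_domain(m["rdns"], local_domain):
            break                                    # third party: all below is its claim
        expected_by = m["rdns"].lower()              # internal relay, keep walking down
    return "spoofed", verified

# Constructed samples; example.org (ours) and pay.example (claimed sender) are made up.
LEGIT = """\
Received: from relay.example.org (relay.example.org [192.0.2.10])
 by mx.example.org with ESMTP; Wed, 3 Mar 2004 20:00:02 -0800
Received: from mxout.pay.example (mxout.pay.example [198.51.100.7])
 by relay.example.org with ESMTP; Wed, 3 Mar 2004 20:00:01 -0800
From: service@pay.example
"""
SPOOFED = """\
Received: from mxout.pay.example (host9.dsl.example.net [203.0.113.9])
 by mx.example.org with ESMTP; Wed, 3 Mar 2004 20:00:02 -0800
Received: from app.pay.example (app.pay.example [198.51.100.7])
 by mxout.pay.example with ESMTP; Wed, 3 Mar 2004 19:59:58 -0800
From: service@pay.example
"""

if __name__ == "__main__":
    for name, raw in (("LEGIT", LEGIT), ("SPOOFED", SPOOFED)):
        print(name, verify_chain(raw, "example.org", "pay.example"))
```

The verdict rests on the reverse-DNS name recorded by the receiving server, so it is only as reliable as that server's forward-confirmed lookup; the HELO name and every header below the first untrusted hop are ignored.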
