Are you telling me it's that simple? I want to score the emails without my
domain in the To field. I can do this both ways:
1. Score when To: contains main domain negatively
header                  HDR              To =~ /\@mydomain\.com/i
describe                HDR              To mydomain
score                   HDR              -2

2. Score when To: does not contain my domain positively. But will it work?
header                  HDR              To !~ /\@mydomain\.com/i
describe                HDR              To mydomain
score                   HDR              2



On Tue, 20 Oct 2020 at 20:50, Dave Wreski <dwre...@guardiandigital.com>
wrote:

> > Thanks for quick reply, but blacklist what?
> > The problem is I do not know this spammy domains.
> > I want to give a score when To: field is NOT in anyaddr...@mydomain.com
>
> If only it were that easy.
>
> You'll notice that recipients of this mailing list receive mail to the
> mailing list address, not to each recipient.
>
> You might have better luck building a meta rule that combines the "To:"
> field with something else, like a body rule or lack of presence of an
> SPF record, etc.
>
> You might also consider building rules based on email !__MYDOMAIN, and
> excluding cases like this mailing list, then otherwise adding points
> that would normally be overcome by a proper SPF record or Envelope From
> address, for example.
>
> You should submit a few of these emails to pastebin.com where we can
> analyze them more thoroughly for other patterns.
>
> Regards,
> Dave
>
> >
> > cheers
> > Miki
> >
> >
> > On Tue, 20 Oct 2020 at 20:25, Benny Pedersen <m...@junc.eu> wrote:
> >
> >     Miki wrote on 2020-10-20 21:19:
> >      > Let's say my domain is mydomain.com.
> >      > 99% of all the e-mails have:
> >      > To: m...@mydomain.com
> >      > But some e-mails, most likely sent using BCC, are coming with:
> >      > To: anyu...@anydomain.com
> >      >
> >      > Nearly all of them are spam.
> >
> >     blacklist_to then
> >
> >     set blacklist_from to same
> >
> >     this is forged protecting safe
> >
> >     and yes it's not foolproof since bcc can be used on remote
> >
>
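
The meta-rule approach suggested in the quoted reply, sketched as a SpamAssassin local.cf fragment. This is an added example, not a rule posted by anyone in the thread; the LOCAL_ rule names, the mydomain.com pattern and the score are assumptions, and SPF_PASS is the stock rule from the SPF plugin, which must be enabled.

```conf
# Added example. Rule names, domain and score are assumptions.
# Sub-rules start with a double underscore, so they carry no score themselves.

# To: or Cc: contains an address at my domain (ToCc checks both headers)
header   __LOCAL_TOCC_MYDOMAIN   ToCc =~ /\@mydomain\.com\b/i

# Mailing-list traffic legitimately arrives with the list address in To:
header   __LOCAL_HAS_LIST_ID     exists:List-Id

# Fire only when all three hold:
#   - my domain is absent from To:/Cc:
#   - the message is not mailing-list traffic
#   - SPF did not pass for the envelope sender
meta     LOCAL_NOT_TO_ME_NO_SPF  (!__LOCAL_TOCC_MYDOMAIN && !__LOCAL_HAS_LIST_ID && !SPF_PASS)
describe LOCAL_NOT_TO_ME_NO_SPF  Not addressed to mydomain, no list, no SPF pass
score    LOCAL_NOT_TO_ME_NO_SPF  2.0
```

Run `spamassassin --lint` after adding rules like these to catch syntax errors before they reach live mail.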
