what useful information would you be looking for from this kind of comparison?
All the time I receive mail from people with non-local domains and regularly
receive e-mail from co-workers using the same domain as me.
The kind of things that might be useful are:
1) detecting local-domain forgeries (IE if you have DKIM/SPF, etc and the
message appears to be from your domain but fails those checks)
2) examining the "comment" part of the From: address to see if it contains a
misleading 'domain-like' text.
EG: From: "b...@my.domain.org" <bill-...@gmail.com>
On Thu, 11 May 2023, Marc wrote:
I was wondering if spamassassin is applying some sort of algorithm to comparing
sender domain against recipient domain to detect a phishing attempt?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
