Sure, they do spoof, but one could write a script that pokes around the message content, looking for a URL or signature and use that instead.
I found some rulesets, 70_sare_evilnum*.cf, that seem to do what I want, but I don't know how to use them; documentation is scarce for SpamAssassin. Does anyone know what these files are and how to use them? mouss-2 wrote: > > FractalBob wrote: >> Can SpamAssassin be configured to use the domain in the sender e-mail >> address >> or in the message content itself as an input parameter to, say, a WHOIS >> search, in order to locate either the sender or his ISP? I know this >> would >> be expensive, since it would require going out to the network, but it >> could >> be really useful. TIA! >> > > - there is no usable whois interface for that. most whois sites will > blacklist you if you knock them too much. > > - since spammers often forge the sender address, you don't really care > of the corresponding whois infos. > > -- View this message in context: http://www.nabble.com/Using-sender-e-mail-address-or-message-content-data-in-WHOIS-search-tp20375286p20381887.html Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
