I was just supplying info I found that related to an earlier discussion, that might be useful to some rule writers out there. I found it interesting that someone had discovered how to match TO and FROM in S.A. But yes, MTA level would be better. Sorry if I missed any archives that detailed successful SA To and From matching - Mike out.
> -----Original Message----- > From: Sahil Tandon [mailto:sa...@tandon.net] > Sent: 5 January 2009 12:43 p.m. > To: users@spamassassin.apache.org > Subject: Re: TO: and FROM: line are the same. > > Matt Kettler wrote: > > > > There was some discussion on this list a while back about catching > > > Spam that contains the same E-Mail address in the TO and FROM lines. I > > > think it was decided that this could not be done, for some reason. > > > > > I don't know that anyone said it couldn't be done. It is however rather > > expensive. That long multi-header regex could take a very long time to > > run because it may have to scan the entire header block if one of the > > From/To headers is missing. > > > > Besides, Most "to and from are same" problems really boil down to > > "unauthorized host forging my domain as the sender and delivering mail > > to my server". There are many ways to deal with this problem already if > > it also occurs in the envelope FROM. SPF for example. > > Another option would be to simply block such emails (those with ENVELOPE > FROM == TO) at the MTA, before passing mail to SpamAssassin. The OP > should read the archives for discussion about the pros and cons. > > -- > Sahil Tandon <sa...@tandon.net>
