Let's take wellsfargo.com (Wells Fargo Bank) as an example.
If the FCrDNS of the connecting server is *.wellsfargo.com it is ham.
If wellsfargo.com is in the received lines and not forged it is ham.
If wellsfargo.com is in the received headers and it is forged it is spam.
If wellsfargo.com is in the received lines and there are IP in received
with invalid FCrDNS then it is forged.
If wellsfargo.com is not in the received headers then it is spam.
Most all banks can be detected with 100% accuracy with these rules.
For banks that let 3rd parties send email for them we can add specific
exceptions including if the SFP lists it, or a list of known 3rd parties
that pass the bank's email.
Here's why this is important. It hits the fraud community hard. Takes
the money out. Makes spam less profitable.
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
