On Wed, 31 Oct 2012, Niamh Holding wrote:
But it isn't... maybe 2 rules need amending so they don't hit genuine UK national lottery ham.
Unfortunately there doesn't appear to be a really reliable way to do that. There was neither valid SPF nor valid DKIM on that message that would allow the lottery domain in the from or received headers to be trusted.
I suppose the rules could look for the UK lottery domain in the external received list and not fire, or reduce the score, but that's trivially subject to forgery.
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- ...the Fates notice those who buy chainsaws... -- www.darwinawards.com ----------------------------------------------------------------------- Today: Halloween
