On Wed, Jul 31, 2013 at 2:06 PM, Franck Martin <fmar...@linkedin.com> wrote:
>
> On Jul 31, 2013, at 10:08 PM, Kevin Miller <kevin_mil...@ci.juneau.ak.us> wrote:
>
> > Problem is, the from address is often a "Joe job" - i.e., a forged
> > address, so the domain mentioned there likely doesn't have anything to do
> > with the actual source of the mail. It seems to me that if the domain
> > isn't the actual source of the spam, it can be detrimental to be filtering
> > on it, particularly if Bayes is learning from it or your MTA auto-reports
> > it to RBLs.
>
> Why would they use a forged domain which is on a blacklist?

Indeed, if someone uses a forged domain which is on a blacklist in the header of their mail, we want to block that email too. Some smart B2B spammers know about this loophole in SpamAssassin and don't use their domain name in the message body, using it only in the header where the URI checks aren't done.
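
The gap described in the reply above, as an added example that is not part of the original thread and is not SpamAssassin code: a filter that looks up only body URI domains misses a listed domain that appears only in the address headers. The `BLOCKLIST` set, the sample message and all function names are constructed for illustration; a real filter would query a domain blocklist instead of a local set.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for a domain blocklist lookup (assumption).
BLOCKLIST = {"spam-b2b.example"}
ADDRESS_HEADERS = ("From", "Reply-To", "Sender")
URI_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def header_domains(msg):
    """Collect the domains of every address in the address headers."""
    values = []
    for name in ADDRESS_HEADERS:
        values.extend(msg.get_all(name, []))
    domains = set()
    for _display, addr in getaddresses(values):
        if "@" in addr:
            domains.add(addr.rsplit("@", 1)[1].lower().rstrip("."))
    return domains

def body_domains(msg):
    """Collect the host names of http(s) URIs found in text parts."""
    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    return {host.lower().rstrip(".") for host in URI_RE.findall(text)}

def listed(domain):
    """True if the domain or one of its parent domains is on the blocklist."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels) - 1))

def check(raw):
    """Report listed domains separately for headers and body."""
    msg = message_from_string(raw)
    return {
        "header": sorted(d for d in header_domains(msg) if listed(d)),
        "body": sorted(d for d in body_domains(msg) if listed(d)),
    }

# Constructed sample: listed domain only in From, unlisted URI in the body.
SAMPLE = """From: Sales <offers@mail.spam-b2b.example>
To: user@recipient.example
Subject: Quote

See http://landing.unlisted.example/offer for details.
"""
```

Because a From address can be forged, a header hit like this is better treated as one scoring signal than as grounds for auto-reporting the domain.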