On 17.10.16 15:45, RW wrote:
> Most of what SpamAssassin targets is RFC compliant. It would be
> perfectly legitimate to score bogus addresses in the display name
> if it proved useful.
With "useful" being open to interpretation. ;-) Some of my customers are
willing to accept a much higher degree of potential spam than others, to
ensure that legitimate mail is less likely to be weeded out. Still, as
long as the default SA scores are zero (or close to zero) it might be
feasible to check if the decoded From-Header contains mismatching e-mail
addresses. It could be a spoof attempt, it could be misconfigured
software, but it could also be legitimate.