On Mon, 17 Oct 2016 16:30:43 +0200 Ralph Seichter wrote: > On 17.10.16 15:45, RW wrote: > > > Most of what SpamAssassin targets is RFC compliant. It would be > > perfectly legitimate to score bogus addresses in the display name > > if it proved useful. > > With "useful" being open to interpretation.
As with everything, "useful" comes from rule QA and feedback. > Some of my customers > are willing to accept a much higher degree of potential spam than > others, to ensure that legitimate mail is less likely to be weeded > out. Still, as long as the default SA scores are zero (or close to > zero) it might be feasible to check if the decoded From-Header > contains mismatching e-mail addresses. It could be a spoof attempt, > it could be misconfigured software, but it could also be legitimate. I'm not saying that it should be done, in my experience spammers don't usually put email addresses there. My point is that RFC compliance is irrelevant.
