On Fri, 15 Sep 2017 11:50:25 +0100 Sebastian Arcus wrote: > I see this has come up again and again. Since FORGED_YAHOO_RCVD seems > to work by checking the address of the Yahoo smtp server in the > headers against a predefined list of Yahoo servers in SA, and Yahoo > seems to add new servers all the time - which causes false positives,
It's based on Yahoo received header formats, but they are liable to change. > is there much point to this check? The rule was created and scored when spoofing Yahoo was very common, but it isn't any more. I don't think it's worth keeping as it is - high maintenance and error prone.
