>How do I apply a blacklist against the "Received:" header -- not merely >the "Reply >To:" header? I realize that this has been discussed ad nauseum, but in >scanning >the archives and manual, I still don't have a clear understanding.
The "sender blacklist" will blacklist senders, which is based on the "return address" of the E-mail (where bounce messages go), which is often different than the From: or Reply-To: headers. Note that no E-mail address will appear in the Received: header. >For example, our blacklist (from imagefxonline) contains the offending >"speedi-list.com" domain. Great! However, mail from this spammer is not >being >detected by the blacklist because their Reply-To headers contain an apparently >randomly-generated "beawnez.com." >How do I tell JunkMail to also search the "Received" header, where the >REAL spammer >is identified without reformatting the two-column (domain/reason) blacklist? Declude JunkMail doesn't look at the Reply-To: header (unless you are using a filter that checks the entire E-mail). To check the HELO/EHLO text (the domain that appears in the Received: header), you can set up a HELO filter (with Declude JunkMail Pro, using the latest release). However, note that the HELO/EHLO text is whatever the administrator of the remote mailserver decides it should be. So if the spammer is sending to you directly, it will be made-up. If he is sending through an open relay, he won't have control over the HELO/EHLO text, but the E-mail would more easily be caught based on the IP address of the remote mailserver. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.