>How do I apply a blacklist against the "Received:" header -- not merely
>the "Reply To:" header?  I realize that this has been discussed ad nauseam,
>but in scanning the archives and manual, I still don't have a clear
>understanding.

The "sender blacklist" will blacklist senders, which is based on the 
"return address" of the E-mail (where bounce messages go), which is often 
different than the From: or Reply-To: headers.

Note that no E-mail address will appear in the Received: header.

>For example, our blacklist (from imagefxonline) contains the offending
>"speedi-list.com" domain.  Great!  However, mail from this spammer is not
>being detected by the blacklist because their Reply-To headers contain an
>apparently randomly-generated "beawnez.com."

>How do I tell JunkMail to also search the "Received" header, where the
>REAL spammer is identified without reformatting the two-column
>(domain/reason) blacklist?

Declude JunkMail doesn't look at the Reply-To: header (unless you are using 
a filter that checks the entire E-mail).  To check the HELO/EHLO text (the 
domain that appears in the Received: header), you can set up a HELO filter 
(with Declude JunkMail Pro, using the latest release).

However, note that the HELO/EHLO text is whatever the administrator of the 
remote mailserver decides it should be.  So if the spammer is sending to 
you directly, it will be made-up.  If he is sending through an open relay, 
he won't have control over the HELO/EHLO text, but the E-mail would more 
easily be caught based on the IP address of the remote mailserver.
                         -Scott
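
Added example (not part of the original message, and not Declude's own code or filter syntax): a Python sketch that pulls the HELO/EHLO text and the connecting IP out of a Received: header and checks each against its own list, showing why a made-up HELO slips past a domain blacklist while the IP still matches. The header layouts, the IP blacklist, the addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample data: a two-column (domain -> reason) blacklist like the
# one in the question, plus a hypothetical IP blacklist of remote mailservers.
DOMAIN_BLACKLIST = {"speedi-list.com": "bulk mailer"}
IP_BLACKLIST = {"192.0.2.25"}

# "from" clause of a Received: header in two common layouts (assumed here):
#   from HELO (rdns [ip]) by ...    and    from HELO [ip] by ...
FROM_CLAUSE = re.compile(
    r"from\s+(?P<helo>\S+)\s+(?:\((?:[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"|\[(?P<ip2>[0-9A-Fa-f.:]+)\])",
    re.IGNORECASE,
)

def parse_received(header):
    """Return (helo_text, connecting_ip), or None if the layout is not recognised."""
    m = FROM_CLAUSE.search(" ".join(header.split()))  # unfold continuation lines
    if not m:
        return None
    return m.group("helo").lower(), m.group("ip") or m.group("ip2")

def listed_domain(name, blacklist):
    """Match name or any parent domain; return (domain, reason) or None."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stops before the bare top-level label
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate, blacklist[candidate]
    return None

def check_received(header):
    """Evaluate HELO text and connecting IP from the topmost Received: header.
    Only the header added by your own server is reliable; lower ones can be forged."""
    parsed = parse_received(header)
    if parsed is None:
        return None
    helo, ip = parsed
    return {"helo": helo, "ip": ip,
            "helo_hit": listed_domain(helo, DOMAIN_BLACKLIST),
            "ip_hit": ip in IP_BLACKLIST}

# Constructed headers: same remote IP, one honest HELO and one made-up HELO.
HONEST = ("Received: from mail.speedi-list.com [192.0.2.25] by mx.example.org\r\n"
          "\twith ESMTP id A1; Mon, 1 Jan 2001 00:00:00 -0500")
MADE_UP = ("Received: from beawnez.com (unknown [192.0.2.25])\r\n"
           "\tby mx.example.org with ESMTP id A2; Mon, 1 Jan 2001 00:05:00 -0500")

if __name__ == "__main__":
    for h in (HONEST, MADE_UP):
        print(check_received(h))
```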


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.