Hi all, So, I've a condition where people send mails to my domain with with fake "From:" header in the body of mail (which Thunderbird or any MUA shows while reading the mail).
This is actually an authentic way of sending mail if the user that's sending mail has proper authority over the email that's mentioned in body part. (which is not the case here) To make my point clear enough, the spammer is authenticating with a certain mailfrom and then it adds a "From: " part in the body which Thunderbird picks up while showing the mail. This way people can get fooled that mail is actually coming from that user. What are some possible and standard ways of filtering/rejecting those kinds of mails? It would a plus to have a "hash" kind of thing that'll make sure what all possible "mailfrom" and "from" combinations are. People can exploit this thing to send mails from say, "ad...@paypal.com" and fool users. In Gmail, they handle this kind of thing by showing "via" thing when viewing the mail. -- Regards, Abhijeet Rastogi (shadyabhi) http://blog.abhijeetr.com
