Hi, I had an idea for a test which i don't think exists, at least not in the current test list available on the website. Some hosts found in Received: headers are not registered in DNSes (often there are workstations) and we end up with a header like
Received: from 154.15.53.105 (unknown[154.15.53.105]) Some spammer seem to fake here an IP (sometimes random, sometimes in the same subnet, I also saw faking of the 2ndary MX): Received: from 154.15.53.150 (unknown [154.15.53.105]) Maybe a test could be added to check that the first 'hostname' (what was sent in the HELO) is not a hostname (fqdn or not) and that it doesn't match the second IP (the real one added by next server), and in this case increase the spam score ? -- Colin Récursion (n.m.): voir Récursion ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk