On Sun, 23 Sep 2018 20:37:48 +0100 Michael Grant wrote:
> I tried to read through the plugin. I'm not a spamassassin plugin > developer, I didn't have much luck trying to figure out how to do it > myself. I know this plugin only does subject and body but I saw > nothing in the plugin itself that referenced the subject header. > arbitrary header through this like the subject and body. The subject text is the first paragraph of the normalized body which is parsed for domains. > I am not sure you need to do that. Why not just run all the headers > or rather the entire message including headers through this plugin > just like the body, in fact, just extend it's scope to look at the > entire message rather than just the body & subject. Most emails don't have a domain in the body, so if you start adding a lot of domains from the headers, the number of look-ups could increase dramatically. It could push some mail servers beyond the usage limits. The main point of URI blocklists is to catch the website that's the point of contact with the spammer. I think it going to be pretty rare for a listed domain to appear in the headers without its being in the body. That was my experience with my askdns rules. The from header is already largely covered by the parse_dkim_uris option. Reply-to might be worth trying, but most of the interesting reply-to addresses are Freemail.
