>
> > I was wondering if spamassassin is applying some sort of algorithm to
> > comparing sender domain against recipient domain to detect a phishing
> > attempt?
>
> There is a suite of meta rules and subrules with names containing
> TO_EQ_FROM in the default rule channel. Consult the rules files for
> implementation details.
>
>
hmmm, I guess not
some test message with these headers
test2:~# spamassassin -D < spam-test.txt > out2
Date: Mon, 24 Oct 2016 22:10:07 +0200
To: recipi...@alexander.com
From: Lara <sen...@a1exander.com>
Subject: asdf asd fas df asdf asdf asd fas dfa sdf
Message-ID: <c62c9a07b9eae3e640f24740c8627...@a1exander.com>
Return-Path: sen...@a1exander.com
gives this result:
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on test2.local
X-Spam-Flag: YES
X-Spam-Level: ****
X-Spam-Status: Yes, score=4.4 required=3.0 tests=DKIM_ADSP_NXDOMAIN,
EMPTY_MESSAGE,RDNS_NONE,T_TVD_MIME_EPI autolearn=disabled version=3.4.6
X-Spam-Report:
* 0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in
* DNS
* 0.0 T_TVD_MIME_EPI BODY: No description available.
* 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
* 2.3 EMPTY_MESSAGE Message appears to have no textual parts
