> > > I was wondering if spamassassin is applying some sort of algorithm to > > comparing sender domain against recipient domain to detect a phishing > > attempt? > > There is a suite of meta rules and subrules with names containing > TO_EQ_FROM in the default rule channel. Consult the rules files for > implementation details. > >
hmmm, I guess not some test message with these headers test2:~# spamassassin -D < spam-test.txt > out2 Date: Mon, 24 Oct 2016 22:10:07 +0200 To: recipi...@alexander.com From: Lara <sen...@a1exander.com> Subject: asdf asd fas df asdf asdf asd fas dfa sdf Message-ID: <c62c9a07b9eae3e640f24740c8627...@a1exander.com> Return-Path: sen...@a1exander.com gives this result: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on test2.local X-Spam-Flag: YES X-Spam-Level: **** X-Spam-Status: Yes, score=4.4 required=3.0 tests=DKIM_ADSP_NXDOMAIN, EMPTY_MESSAGE,RDNS_NONE,T_TVD_MIME_EPI autolearn=disabled version=3.4.6 X-Spam-Report: * 0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in * DNS * 0.0 T_TVD_MIME_EPI BODY: No description available. * 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS * 2.3 EMPTY_MESSAGE Message appears to have no textual parts