Yavuz Maslak a écrit : > Sometimes, although anyone don't use domain.com's server, he sends many > mails using himself smtp service as if these mails come from @domian.com. > > the domain.com may be hotmail.com , gmail.com. > > is there a rule for that so that we can give some score for these mails?
for gmail, you can use dkim verification. look at the rules in http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim you may want to accept non signed gmail mail if it comes from nabble or others. for hotmail, there are already rules to catch such forgeries. take a look at http://spamassassin.apache.org/tests_3_2_x.html if you have sample false negatives, post them on pastebin.com.