Yavuz Maslak a écrit :
> Sometimes, although anyone don't use domain.com's server, he sends many
> mails using himself smtp service as if these mails come from @domian.com.
>
> the domain.com may be hotmail.com , gmail.com.
>
> is there a rule for that so that we can give some score for these mails?
for gmail, you can use dkim verification. look at the rules in
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
you may want to accept non signed gmail mail if it comes from nabble or
others.
for hotmail, there are already rules to catch such forgeries. take a look at
http://spamassassin.apache.org/tests_3_2_x.html
if you have sample false negatives, post them on pastebin.com.
