We seem to be having a problem where clients that we interact with regularly are having their Hotmail/Gmail/Yahoo accounts hijacked. We are receiving e-mails from their accounts that legitimately go through the correct servers (Hotmail, Yahoo, etc.) and so they get passed through our spam filters. The messages have different bodies but basically say the same thing: that they were on vacation and had all their money stolen, so they need to have money wire transferred to them.
Obviously we just have to tell the clients that they need to deal with the various e-mail providers, but is there an effective way that I can filter these messages out before my users see them without blacklisting the address? In one case I had probably 15 users that received the same message and naturally they freaked out.

I have put a sample at: http://pastebin.com/9BDXrxmm

Note I did change the real e-mail address in this message but the hotmail address used is valid just masked. The message doesn't hit any rules of significance on my system.

BAYES_00=-1.9,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,RCVD_IN_DNSWL_NONE=-0.0001,SPF_PASS=-0.001,T_RP_MATCHES_RCVD=-0.01,T_TO_NO_BRKTS_FREEMAIL=0.01

Thanks
--Dennis
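
An added example, not part of the original post: one way to catch this pattern in SpamAssassin without blacklisting the sender is a local meta rule that fires only when a freemail sender's message combines a travel claim, a theft claim and a request to wire money. The rule names, phrase lists and score are assumptions; the phrases are constructed from the description above, not taken from the pastebin sample.

```conf
# local.cf additions (added example; all LOCAL_* names are hypothetical).
#
# Body rules are matched one rendered paragraph at a time, so the three
# claims are kept as separate sub-rules and combined in a meta rule.
# They may then appear in different paragraphs of the message.
# The "__" prefix marks a sub-rule that carries no score of its own.

# Claim 1: the sender says they are away from home.
body     __LOCAL_ST_TRAVEL   /\b(?:vacation|holiday|trip)\b/i

# Claim 2: the sender says they were robbed.
body     __LOCAL_ST_THEFT    /\b(?:robbed|mugged|stolen)\b/i

# Claim 3: the sender asks for money by wire.
body     __LOCAL_ST_WIRE     /\bwire[ -]?transfer|\bwire (?:me|us)\b/i

# FREEMAIL_FROM already hits on the sample (see the rule list in the post),
# so the meta rule reuses it instead of matching sender domains again.
meta     LOCAL_STRANDED_TRAVELER  (FREEMAIL_FROM && __LOCAL_ST_TRAVEL && __LOCAL_ST_THEFT && __LOCAL_ST_WIRE)
describe LOCAL_STRANDED_TRAVELER  Freemail sender claims travel and theft, asks for a wire transfer

# The rules listed in the post sum to about -1.9, almost all of it from
# BAYES_00. With required_score at its default of 5.0, this rule has to
# contribute roughly 7 points to tag such a message on its own.
# Assumed starting value; lower it if you only want a contributing signal.
score    LOCAL_STRANDED_TRAVELER  7.0
```

Check the syntax with `spamassassin --lint`, then run a saved copy of the message through `spamassassin -t` to confirm the rule hits. Because real clients do sometimes write about travel and theft, review what the rule tags before letting it quarantine mail.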