On 17.10.16 15:45, RW wrote: > Most of what SpamAssassin targets is RFC compliant. It would be > perfectly legitimate to score bogus addresses in the display name > if it proved useful.
With "useful" being open to interpretation. ;-) Some of my customers are willing to accept a much higher degree of potential spam than others, to ensure that legitimate mail is less likely to be weeded out. Still, as long as the default SA scores are zero (or close to zero) it might be feasible to check if the decoded From-Header contains mismatching e-mail addresses. It could be a spoof attempt, it could be misconfigured software, but it could also be legitimate. -Ralph
