Bug 6235 - 'From' domain does not match 'Received' headers
Summary: 'From' domain does not match 'Received' headers
Status: RESOLVED WONTFIX
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (show other bugs)
Version: unspecified
Hardware: Other All
: P5 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-06 16:04 UTC by Vicki Brown
Modified: 2018-01-28 17:07 UTC (History)
2 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vicki Brown 2009-11-06 16:04:28 UTC 
There is currently a test  FORGED_YAHOO_RCVD for
    'From' yahoo.com does not match 'Received' headers

I'd like to see a more general test
   'From' domain does not match 'Received' headers

It should probably come with a low score byt default but I think matching the actual sender domain to the From line would catch a LOT of trash

A rule like this should also be made easy to edit. Some of the most typical spam is mail that purports to be "from me" or other accounts in my domain, whatever my address happens to be.  Now that I know about this rule, I'm going to copy and edit it for my domain.

But if I hadn't een _looking_ for a "domain doesn't match Received headers" (actually I was searching for "Forged") I wouldnt have found this. I'm guessing a lot of people who could make good use of a copy of this rule don't know it exists.
Comment 1 Vicki Brown 2009-11-06 16:13:14 UTC 
Drat. That's an actual function call. It's not going to be easy to copy and customize. 

All the more reason to make that easy on the SA side so users have another tool on their end.
Comment 2 Dave Jones 2018-01-22 15:24:35 UTC 
There is little to no value in this for determining spam in 2018.  Received headers do not have to match anything with the from domain.  In fact, as more and more mail hosting is going to Google, Office 365, and other mail hosting, this is getting less and less useful for determining spam.
Comment 3 Dave Jones 2018-01-28 17:07:06 UTC 
No longer valid in determining spam.