spamassassin-users October 2010 archive
Main Archive Page > Month Archives  > spamassassin-users archives
spamassassin-users: Re: compare 2 headers

Re: compare 2 headers

From: Benny Pedersen <me_at_nospam>
Date: Mon Oct 25 2010 - 14:49:03 GMT

On søn 24 okt 2010 22:33:21 CEST, "Lawrence @ Rogers" wrote
> I am writing a rule that deals with spam that claims to be coming
> from AOL's webmail client, where the e-mail has malformed HTML,
> references to remote images, and a high ratio of images to content.
> I guess I will have to find another way to detect them.

could you make a sample somewhere ?

aol spam seems to be softfailed on spf for such spams here

so why does webmail users try webmail to get a softfail in spf ?

even worse is that hotmail does not care of there envelope senders
forging in spf ip ranges, seen from outside that its sent from the
envelope sender but its forged non authed

-- xpoint