spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ram <...@netcore.co.in>
Subject Re: List of Banks often spoofed in Phishing scams
Date Thu, 05 Jun 2008 10:53:11 GMT

On Thu, 2008-06-05 at 12:02 +0200, Benny Pedersen wrote:
> On Thu, June 5, 2008 07:33, ram wrote:
> 
> > I do something like this.
> > ((! SPF_PASS ) && ( ENV_FROM_GOOD_BANKS || HEADER_FROM_GOOD_BANKS) )
> > then give a score 3.0
> >
> > Of course the GOOD_BANKS are a list of bank which have SPF records.
> 
> we could olso just give scores on spf fail with a meta :-)
> 

NO,

  Phishers sometimes just forge the Header from & not the Env-From. 
You would not get a SPF_FAIL, because there was nothing wrong with the
sender address. But the end users are usually are not trained to look at
the real sender. 




Mime
View raw message