spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kelson <>
Subject Re: List of Banks often spoofed in Phishing scams
Date Tue, 03 Jun 2008 16:32:18 GMT
Marc Perkel wrote:
> If the FCrDNS matches one of these domains it is ham.
> If the sender or from address matches one of these domains and the 
> domain doesn't appear in the Received headers - it's a phish.
> <snip>

It's worth noting that Citibank still sometimes uses other domains. 
I've seen legit mail from them that uses a address, but is 
sent from a server.

It could be worse -- a few years ago, they'd use about 5 or 6 domains on 
a regular basis, including the defunct  Take a look at the 

Kelson Vibber
SpeedGate Communications <>

View raw message