spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Miles Fidelman <>
Subject Re: FROM header with two email addresses
Date Wed, 27 Sep 2017 18:42:05 GMT
This could also be an attempt to get a mailing list to work.

There's a continuing problem with email list traffic getting bounced by 
DKIM, and various work-arounds - the gist is that the mail has to come 
from the list manager, but you still need a way to indicate the original 
author of the message.  Hacks abound. But basically, DKIM is just broken.

Miles Fidelman

On 9/27/17 12:16 AM, Jakob Curdes wrote:
> Hello all,
> I recently stumbled onto a mail with a Spam link where the FROM header 
> field looked like this:
> From: "Firstname Lastname@" < 
> which is displayed in different ways on different devices but most do 
> display something resembling an internal from address, maybe with an 
> additional second external address.
> So it is a way to make users think this is an internal sender - 
> probably it gets harder and harder to circumvent the ever-growing SPF 
> rejections.
> (The real sender domain has a valid SPF and DKIM entry).
> I wonder whether it is possible to detect such a header with 
> spamassassin means? I only see the following rules that hit:

> I looked into the NAME_EMAIL_DIFF rule but this seems to be a slightly 
> different scope and I would not want to just raise the score for that 
> rule, it would probably give many false positives.
> This is spamassassin 3.3.1 on Centos 6.
> Regards and thanks, JC

In theory, there is no difference between theory and practice.
In practice, there is.  .... Yogi Berra

View raw message