Is this a good idea, or would this result in false positives for sure?įirefox 4 has been released today. If necessary, I could raise the score a little, but in the mean time, it’s nice to know that a legitimate mail, even if it came from abroad, could still have a chance to come through. Meta DUTCH_BANK_FOREIGN_IP (_FROM_DUTCH_BANK & !_GEO_FROM_NL)ĭescribe DUTCH_BANK_FOREIGN_IP Dutch bank mailed from a foreign IPĪnything with a score of 3.1 or higher is considered SPAM, so adding 2.5 points can still get the message through, if nothing else is wrong with it. Header _FROM_DUTCH_BANK From =~ /(ING Bank|Rabobank|ABN AMRO)/i ![]() ![]() Header _GEO_FROM_NL X-GeoIP-Code =~ /^NL$/ So, if I want to block mails from a certain sender (and I want to be looking at the From: header rather than the envelope sender here), unless it came from inside the Netherlands, I can just implement a simple SpamAssassin check: # Phishing from Dutch banks Every mail coming in through my MTA has headers like these: X-GeoIP-Code: US My MTA is Exim, and it is already configured to identify the originating country for a given email, using a GeoIP lookup. The question is: do theses mails originate from the Netherlands? I don’t think I have ever received a legitimate mail from a bank I do business, but I have been told by friends, and by ABN AMRO bank itself, that they do sometimes send out mail to (potential) customers. Now, the solution that I came up with, is somewhat crude, but I wonder if it will result in any false positives. ![]() More or less the only ‘spam’ that reaches my inbox, is the occasional phishing mail, made to appear to be sent from a Dutch bank, trying to find out my online banking credentials.
0 Comments
Leave a Reply. |