Re: [Declude.JunkMail] Another very effective filter test

[Bill Landry]

Maybe so, but why exclude yourself to flagging other forged combinations of your hostname/domain name?  I would still suggest using either CONTAINS or ENDSWITH so that you can catch all of the various combinations that spammers might use.   Bill ----- Original Message ----- From: Matthew Bramble To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 12:22 PM Subject: Re: [Declude.JunkMail] Another very effective filter test Bill, The first example is what I did.  BTW, I have found from monitoring that most (all so far) spammers just simply use what appears after the @ symbol instead of having something lookup the MX every time. Matt Bill Landry wrote: Matt, what the spammers do is use the names that are listed as you mx records as their helo name, so if your domain is abc.com, but you have your mx records setup as mx1.abc.com and mx2.abc.com, then you will either want to use:   HELO     0    IS    mx1.abc.com HELO     0    IS    mx2.abc.com   or   HELO     0   CONTAINS    abc.com   Bill -- =================================================== Matthew S. Bramble President and Technical Coordinator iGaia Incorporated, Operator of NYcars.com --------------------------------------------------- Office Phone: (518) 862-9042 Fax: (518) 862-9044 E-mail: [EMAIL PROTECTED] or [EMAIL PROTECTED] ===================================================