OK, I figured it out. It happens when someone uses Yahoo! Mail to send
something to Yahoo! Groups. The "received" for Yahoo! Groups looks like:
> Received: from [216.115.97.190] by n22.groups.yahoo.com with NNFMP; 02 Mar
> 2002 03:35:46 -
Here's a patch that should recognize this.
Index:
These headers gave me a false FORGED_YAHOO_RCVD:
Received: (qmail 3704 invoked from network); 2 Mar 2002 03:34:28 -
Received: from n22.groups.yahoo.com (216.115.96.72)
by nightrealms.com with SMTP; 2 Mar 2002 03:34:28 -
X-eGroups-Return:
[EMAIL PROTECTED]
Received: from [216.115.97.190
