On Tue, 4 Jun 2002, Harry Putnam wrote: > This line appears in mail: > X-Spam-Status: Yes, hits=2.2 required=2.0 tests=Repeat_Any_Allcap,\ > FORGED_YAHOO_RCVD version=2.20 > > Yet a grep of the received headers reveal no instance of yahoo.
I'll answer since this has come up before and I suggested the rule. Read the description, not the rule name. The name is an abbreviation chosen more for similarity to names of other rules that examine Received headers than for congruence with its description. In this case it means that the message claims to be From: yahoo.com but (as you noticed) does NOT mention a yahoo mail server in the Received: headers. It's very common for spammers to use a nonexistent local-part @yahoo.com (or other free mail service) as the From: address -- far more common than it is for real yahoo users to set the From: line to their yahoo account when sending from some other source. And please excuse me for saying so, but 2.0 is a ridiculously low spam threshold. I'd lose half my email if I were to set it below 4.0. _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
