"Daniel A. de Araujo" wrote: > I am having some problems when the users access some pages that has > the "send this article to a friend" resource, because the message > arrives with the senderīs address that is filled in the page and not > with a specific account. > So its impossible to set the address as a white-listed. > > Any ideas how to solve it ?
Write some custom rules to trigger on these messages- if they're legit, they *will* have some consistent segments you can use. Assign negative scores to those tests. (A test that checks your boundary server's Received: header to see if the message came into your system from a specific host is a good test; it's extremely difficult to forge. Not impossible, but difficult. I've got a few of those IIRC.) I don't recall any trouble with such sites myself recently; there were occasional messages with (IIRC) SA2.3x or 2.4x that got caught like this. -kgd -- Get your mouse off of there! You don't know where that email has been!
