1. This can be done really effectively using SPF. I believe spamassassin can use spf, and most MTA's can too. I highly recommend it. You would not believe the number of viruses that get turned away by using SPF. It seems that many of the recent ones send mails to a target domain with a from address of the target domain. 2. Sounds pretty involved, and for many domains where all addresses are routed to a single address, it can't work. If you are using ldap or active directory or something like that, you may be able to get your MTA to check the destination address as the mail is coming in, and reject those to invalid addresses. Even if you aren't using AD, it sounds like you may be willing to set up something like a database or ldap directory. 3. I think this one may cause you more trouble than you anticipate. Internally, you set up all of your display names to adhere to some sort of policy, but someone externally who adds you as a contact in outlook with "My friend Mabry" as the name will potentially be picked up as spam because the display name on the email is going to be "My Friend Mabry".
Just my thoughts. Jerry http://www.syslog.org > (We use SA (currently 2.64) called from procmail-delivered sendmail on > Solaris systems. We get something over 100K msgs/day. Most of our mail > is addressed using @ our local domain.) > > Three suggested rules: > 1) Detect mail allegedly from a local address that is invalid > (should get a high score) > 2) Detect mail that has multiple invalid local addresses in the To: > and CC: fields (should get a medium score for 2 or more) > 3) Detect mail for which the From:, To:, and CC: fields contain > known or unknown display-names corresponding to local addresses. >
