Hi,

>>> header __RCVD_OFFICE365 Received =~ /\.outbound\.protection\.outlook\.com \[/
>>> header __RCVD_OFFICE365_PROXY X-ClientProxiedBy =~ /\.outlook\.com \(/
>>>
>>> header __OFFICE365_TRUST_ORG X-OriginatorOrg =~ /^(ena\.com|example\.com)/
>>
>> You've set this to be your local system, but what if the mail relay
>> does not process outbound email? What are legitimate values for this
>> header?
>>
>
> I don't have "ena.com" in my own rule. Rather I have dozens of others
> listed. Sorry if this is confusing to imply this is for outbound mail.
>
>> In other words, is this helpful if your mail relay doesn't process
>> your outbound mail?
>>
>
> Yes. It's not meant for outbound but inbound. I shouldn't have put
> "ena.com" in there for me but you could put it in there for your local rules
> if you think our email is trustworthy. :)

I think I'm still a little confused. I did a quick search on existing email received with that header, and it's a hugely varied list with an equal amount trustworthy as untrustworthy. I don't think it's feasible to maintain a list of trustworthy domains for this header, unless I'm missing something?

Also, the youngliving.com domain that was listed in my spample still isn't blacklisted on any legitimate list. This looks to be a legitimate domain with a compromised account. You had mentioned your rules don't really work on compromised accounts from legitimate domains, but also that it cuts down on invoice spam. Is this one of those cases where your rules don't really help?

>
> --
> David Jones
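
The kind of corpus check described in the reply above, as an added example that is not part of the original thread: it tallies `X-OriginatorOrg` values by ham/spam label for mail that matches the quoted `__RCVD_OFFICE365` pattern, and lists the organisations seen in both classes. The function names, labels and sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from email import message_from_string

# Same pattern as the __RCVD_OFFICE365 sub-rule quoted in the thread.
RCVD_OFFICE365 = re.compile(r"\.outbound\.protection\.outlook\.com \[")


def tally_originator_org(labelled_messages):
    """Count ham/spam per X-OriginatorOrg for mail relayed via Office 365."""
    tally = defaultdict(Counter)
    for label, raw in labelled_messages:
        msg = message_from_string(raw)
        received = msg.get_all("Received", [])
        if not any(RCVD_OFFICE365.search(r) for r in received):
            continue  # not relayed through Office 365 outbound protection
        org = (msg.get("X-OriginatorOrg") or "").strip().lower()
        if org:
            tally[org][label] += 1
    return tally


def mixed_orgs(tally):
    """Orgs seen in both ham and spam: trusting them would also pass spam."""
    return sorted(o for o, c in tally.items() if c["ham"] and c["spam"])


def _sample(org, relay="mail-xx0000.outbound.protection.outlook.com"):
    # Constructed message; host names and 192.0.2.10 are placeholders.
    return (f"Received: from {relay} ({relay} [192.0.2.10]) by mx.example.net\n"
            f"X-OriginatorOrg: {org}\nSubject: test\n\nbody\n")


# Constructed, hand-labelled corpus (hypothetical labels "ham" and "spam").
SAMPLE = [
    ("ham", _sample("example.com")),
    ("ham", _sample("Example.org")),
    ("spam", _sample("example.org")),  # same org as a ham sender
    ("spam", _sample("example.net", relay="mail.example.net")),  # not Office 365
]

if __name__ == "__main__":
    result = tally_originator_org(SAMPLE)
    for org, counts in sorted(result.items()):
        print(org, dict(counts))
    print("seen in both ham and spam:", mixed_orgs(result))
```
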