On Tue, 2022-05-10 at 17:29 -0600, Philip Prindeville wrote: > > You're correct that they're different in every message received. > So write a rule that fires on any header name that *doesn't* match anything in the list of legit headers as defined in the relevant RFCs.
Of course you may need to extend that list to include some extras, such as headers injected by SA itself, as well as DMARC, DKIM, SPF etc. Martin
