Hello Michael,

No. Which is fine, because there are usually no URIs in headers, and when
there are, they are likely to be standard List-* headers, which are unlikely
to be useful.

Dont agree with that. We see many usecases for header checks...

We see many spams with a from domain inside SURBL.
And we have been testing this on our corpus for over 18 months now.

You can obviously use 'full' or the 'all' pseudo-header and look for
specific domains, but identifying everything in the header that COULD be a
domain and just testing that against a DNSBL designed for domains found in
URIs could have very bad failure modes.

I think we passed that point some years ago tbh.

How about just say the from or received headers?  Is there something
like check_rbl that would look up a domain name rather than an ip
address that I could look up the domain in that URIBL list?

I played with check_rbl() but this seems only to look up numeric ip
addresses.

You can test with:

header SURBL_MULTI_HDR eval:check_hashbl_emails('multi.surbl.org', 'raw/max=10/shuffle/host', 'ALLFROM/Reply-To', '^127\.0\.0\.\d+$')
priority       SURBL_MULTI_HDR           -100
describe SURBL_MULTI_HDR Domain in email headers found in surbl multi

And score accordingly.

You could also check off reply-to/the from and so on seperately.

Have fun± Raymond Dijkxhoorn - SURBL

Reply via email to