On Thu, May 11, 2023 at 09:41:34PM +0000, Marc wrote:
> > > I was wondering if spamassassin is applying some sort of algorithm to
> > > comparing sender domain against recipient domain to detect a phishing
> > > attempt?
> > 
> > There is a suite of meta rules and subrules with names containing
> > TO_EQ_FROM in the default rule channel. Consult the rules files for
> > implementation details.
> 
> hmmm, I guess not 
> 
> some test message with these headers
> test2:~# spamassassin -D < spam-test.txt  > out2
> 
> Date: Mon, 24 Oct 2016 22:10:07 +0200
> To: recipi...@alexander.com
> From: Lara <sen...@a1exander.com>

That is because those domains are not EQUAL? Od did you wanted a
rule that checks only on SIMILAR domain names (e.g. with lowercase
letter "L" replaced with number "1" as in your example)?

Also, most of those rules (like __TO_EQ_FROM_DOM) will not show in
standard output, but only in standard error, so you should call it
like this:

spamassassin -D < spam-test.txt  > out2 2>&1

to be able to see it in:
grep TO_EQ_FROM out2

-- 
Opinions above are GNU-copylefted.

Reply via email to