On Thu, May 11, 2023 at 09:41:34PM +0000, Marc wrote: > > > I was wondering if spamassassin is applying some sort of algorithm to > > > comparing sender domain against recipient domain to detect a phishing > > > attempt? > > > > There is a suite of meta rules and subrules with names containing > > TO_EQ_FROM in the default rule channel. Consult the rules files for > > implementation details. > > hmmm, I guess not > > some test message with these headers > test2:~# spamassassin -D < spam-test.txt > out2 > > Date: Mon, 24 Oct 2016 22:10:07 +0200 > To: recipi...@alexander.com > From: Lara <sen...@a1exander.com>
That is because those domains are not EQUAL? Od did you wanted a rule that checks only on SIMILAR domain names (e.g. with lowercase letter "L" replaced with number "1" as in your example)? Also, most of those rules (like __TO_EQ_FROM_DOM) will not show in standard output, but only in standard error, so you should call it like this: spamassassin -D < spam-test.txt > out2 2>&1 to be able to see it in: grep TO_EQ_FROM out2 -- Opinions above are GNU-copylefted.