Spam emails sent by bots using Amazon SES servers are getting through because I have amazonses.com in my whitelist, due to several "important / trusted companies" using Amazon SES.
How does this rule work to separate the "Received:" versus the "From:"? The header "From:" is NOT in my whitelist, but the value of "Amazonses.com" IS IN my whitelist. Why is it using the value from the header "Received:" and not the value from the header "From:"? How can I improve the spam filtering?

headers:
--------------------------
Received: from [54.240.4.1] (port=52099 helo=a4-1.smtp-out.eu-west-1.amazonses.com)
    by mail.eee.com with esmtp (Exim 4.86_2)
    (envelope-from <01020194838ad102-b7f40763-2fee-4834-935a-d1adfa2b0318-000...@eu-west-1.amazonses.com>)
    id 1tZqGT-0001qQ-Gq
    for st...@eee.com; Mon, 20 Jan 2025 06:48:24 -0500
From: =?utf-8?Q?SUPPORT?= <unterstutz...@frizbiz.cycloid.io>

24 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different
-100 USER_IN_SPF_WELCOMELIST From: address is in the user's SPF welcomelist