Yes, most spams use either invented addresses or other addresses off spam lists. Once your address is "in the wild" you can't do much about it. And a lot of spammers choose another address in your domain as the sender, to take advantage of possible domain-level whitelists.
I use whitelist_from_rcvd for our domains to whitelist all outbound mail. That way spoofed From addresses don't get the whitelisting, but only those that also list one of our internal mail servers in a Received line. Pierre Thomson BIC -----Original Message----- From: John Fleming [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 11, 2005 1:06 PM To: users@spamassassin.apache.org Subject: Help spoofed addy This will be boring for many of you, but I need some advice. I run a low-volume mail server for friends/family/church and have had a very good experience with SA and site-wide Bayes. I know that email addys can be spoofed, but I know nothing about the details of that. I just got my first spam where it looks like my own addy was spoofed for an email TO ME (and who knows who else!). For reasons I've forgotten, I had my own addy in the white_list with a large negative score, so of course, the spam got through. I know that this is a reason not to use the whitelist, or at least maybe not with such a high score. Is there anything else I can do to guard against this? What is the most common way someone's addy can get picked for spoofing, or is it all done via robots etc...? Any advice welcomed! Thanks - John Return-Path: <[EMAIL PROTECTED]> X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from Elena (125.Red-213-96-119.pooles.rima-tde.net [213.96.119.125]) by wa9als.com (Postfix) with ESMTP id 2D61633E676 for <[EMAIL PROTECTED]>; Wed, 11 May 2005 11:24:27 -0500 (EST) Received: from mnsf3445.broadcast.teleplo.net ([172.26.0.2] helo=localhost.localdomain) by Elena with esmtp (Exim 4.43) id 1DVu0W-0008TY-HW for [EMAIL PROTECTED]; Wed, 11 May 2005 18:24:24 +0200 Date: Wed, 11 May 2005 18:24:24 +0200 To: [EMAIL PROTECTED] From: Sofia <[EMAIL PROTECTED]> Subject: Re: info request Message-ID: <[EMAIL PROTECTED]> X-Priority: 1 X-Mailer: PHPMailer [version 1.72] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_b66434f7fad33d906d6679e3e8277ba2" X-Virus-Status: No X-Virus-Checker-Version: Luke wa9als.com running clamassassin 1.2.1 with ClamAV 0.84/875/Tue May 10 06:27:59 2005 signatures 31.875 X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on Luke.wa9als.com X-Spam-Level: X-Spam-Status: No, score=-96.1 required=5.0 tests=BAYES_00,HTML_40_50, HTML_MESSAGE,HTML_SHORT_LENGTH,PORN_URL_SEX,RAZOR2_CHECK, RCVD_IN_BL_SPAMCOP_NET,USER_IN_WHITELIST autolearn=no version=3.0.2 Status:
