> So my question is can we have rulesets in spamassassin that can compare
> the sending host domain with the latter part of @ of content id or look
> for @ in the content id.
Nice analysis!
Yes, we can make rules that will (often, not always) catch this sort of
thing. The problem is they require a capturing group, and that is
relatively slow in Perl. Further, it is reputed by many to slow down ALL
tests as soon as you put it into one test. I don't know if this is really
true or not, but it is something that can be at least roughly measured in a
mass-check.
I'll see about doing some rules over the weekend to try this.
Loren
PS: A plugin would be another way of doing these, and theoretically would
not slow things down. Someday I'm going to have to figure out how to write
a plugin...
