Thomas Deaton wrote: > I mean the people are not who they say they are... take the latest Ebay > "click here" spam, for instance. The "click here" gets you a virus, but the > sender is not from Ebay... he just looks like he is.. sorry if I'm not making > more sense. >
Ahh, you don't want to validate IPs, you want to validate domains. Spoofed From: address: Use SPF. SA 3.x supports this by default. Spoofed URLS: (ones that try to look like a link to ebay.com but really take you to x.y.z.com) At the SpamAssassin level, it's best to make sure your version of SA is using URIBLs. especially the PH list at surbl.org. (3.0.x should do this by default, provided your init.pre was installed correctly and you've got a recent version of Net::DNS) Really, URL spoofing is best dealt with in your mail client and web browser. Most reasonable mail clients can be made to complain about HTML that creates a faked-out link, either by default or with add-ons. Most web browsers have plugins available which can do this too. Although this is an "after-the-fact" solution, it's still helpful and also offers some protection against URL spoofing on webpages, not just email.
