On Thu, 2008-06-05 at 12:02 +0200, Benny Pedersen wrote:
> On Thu, June 5, 2008 07:33, ram wrote:
>
> > I do something like this.
> > ((! SPF_PASS ) && ( ENV_FROM_GOOD_BANKS || HEADER_FROM_GOOD_BANKS) )
> > then give a score 3.0
> >
> > Of course the GOOD_BANKS are a list of banks which have SPF records.
>
> we could also just give scores on spf fail with a meta :-)
>
NO, Phishers sometimes just forge the Header From & not the Env-From. You would not get a SPF_FAIL, because there was nothing wrong with the sender address. But the end users are usually not trained to look at the real sender.
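
An added example (not part of the thread) that evaluates the quoted meta and the SPF_FAIL-only alternative over four constructed messages. The domain names, sample messages and function names are assumptions; SPF results are given for the envelope sender, since SPF does not examine the header From.

```python
# Constructed stand-in for the thread's GOOD_BANKS list (banks that publish SPF records).
GOOD_BANKS = {"bank.example"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def rules_hit(env_from, header_from, spf_result):
    """Return the rule names that fire for one message.

    spf_result is the SPF verdict for the envelope sender's domain.
    """
    hits = set()
    if spf_result == "pass":
        hits.add("SPF_PASS")
    if spf_result == "fail":
        hits.add("SPF_FAIL")
    if domain(env_from) in GOOD_BANKS:
        hits.add("ENV_FROM_GOOD_BANKS")
    if domain(header_from) in GOOD_BANKS:
        hits.add("HEADER_FROM_GOOD_BANKS")
    return hits

def meta_not_pass(hits):
    # Quoted meta: (!SPF_PASS) && (ENV_FROM_GOOD_BANKS || HEADER_FROM_GOOD_BANKS)
    bank = hits & {"ENV_FROM_GOOD_BANKS", "HEADER_FROM_GOOD_BANKS"}
    return "SPF_PASS" not in hits and bool(bank)

def meta_fail_only(hits):
    # Suggested alternative: score on SPF_FAIL alone
    return "SPF_FAIL" in hits

# Constructed messages: (label, envelope sender, header From, SPF result)
SAMPLES = [
    ("genuine bank mail", "alerts@bank.example", "alerts@bank.example", "pass"),
    ("both addresses forged", "alerts@bank.example", "alerts@bank.example", "fail"),
    ("header From forged, envelope domain has no SPF", "x@other.example", "alerts@bank.example", "none"),
    ("header From forged, envelope domain passes SPF", "x@other.example", "alerts@bank.example", "pass"),
]

def compare():
    """Map each label to (quoted meta fires, SPF_FAIL-only fires)."""
    out = {}
    for label, env, hdr, spf in SAMPLES:
        hits = rules_hit(env, hdr, spf)
        out[label] = (meta_not_pass(hits), meta_fail_only(hits))
    return out

if __name__ == "__main__":
    for label, (not_pass, fail_only) in compare().items():
        print(f"{label:48} not-pass meta={not_pass!s:5} fail-only={fail_only}")
```

In the last sample neither rule scores the message: the header From names a bank while the envelope domain passes SPF on its own.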