I have been using the IPcountry plugin for a while, giving a slight boost to the scores of some countries that we get more spam from and do less work with. I have noticed, recently, that a fair number of really obnoxious spam is relayed between two countries before being delivered. Is there some way to grab the metadata from IPCountry to count the number of countries that were involved in sending a mail, and set a score based on that?
For example, the last phish I received originated in the Netherlands and was forwarded through Hong Kong, before delivery in the US. Any thoughts? -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
signature.asc
Description: This is a digitally signed message part
