> You can't spoof Forward Confirmed rDNS. If we could find registrar of domain then I can write a rule
if( Expensive_registrar && Not_spoofed && Not_freemail ) we can give a negative score I would not like to whitelist the entire stuff though That means I would have to maintain a list of Expensive_registrars as well as a list of Freemail domains. I wonder if such lists are available though But you could have big corporates , with weak password policies and accounts getting compromised. So spam does come from these accounts Thanks Ram
