Joseph Brennan writes: > > > Try using senderbase: > > > > http://www.senderbase.org > > > Not as accurate as it would appear. They list faked Received headers. > We had a host at columbia.edu that did not send any mail (confirmed by > its own logs and by our network traffic monitor) listed as the largest > source of mail in the columbia.edu domain-- all because a spammer was > pretending his mail originated at it, by a faked Received header. This > went on for about a year, and we complained a few times, and they did > not fix it. The spammer moved on eventually.
by the way, if you still have cases along these lines, feel free to mention them on the list -- they sometimes turn out to provide good rules ;) --j.
