Skip wrote:

How about these rules? (watch the line wrap)

describe TO_HARVESTED To: obviously harvested
header   TO_HARVESTED To =~ /\@(?:(?:(?:example|your|some)\.domain)|(?:(?:example|your\.domain)\.com)|your\.favou?rite\.machine)\b/



Can you tell me how this rule works?

it catches mail with a To header containing invalid email addresses that were obviously harvested, such as "[EMAIL PROTECTED]" (literally, do not replace with your own domain name) or "[EMAIL PROTECTED]". These addresses are invalid because there is no "domain" or "machine" TLD.

Or give a more realistic example

it is realistic. copy-paste without edit.

(in my case I would use pelorus.org,

No. use the rule literally.

so feel free to demonstrate with that)




How can google let this go out?


I was wondering that too.  Did it really come from gmail?

if it doesn't, you have a serious problem. your Received header says it comes from 72.14.204.173, and
$ host 72.14.204.173
173.204.14.72.in-addr.arpa domain name pointer qb-out-1314.google.com.
$ host qb-out-1314.google.com
...
qb-out-1314.google.com has address 72.14.204.173
...

$ whois 72.14.204.173

OrgName:    Google Inc.
...


so the IP "belongs" to google.

You can check the DKIM signature if you have an unaltered copy of the message. But whether it's good or not, the IP belongs to google.


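The two checks discussed in this thread, Skip's TO_HARVESTED rule and the reverse-then-forward DNS lookup on the IP in the Received header, as an added example that is not part of the thread or of SpamAssassin. It assumes Python's re module accepts the rule's pattern unchanged (it does for this one), that the topmost Received header is the one your own MX wrote, and it uses a constructed sample message plus a fake resolver loaded with the DNS answers quoted above so it runs offline; the default lookups in fcrdns() use the real system resolver.

```python
import re
import socket
from email import message_from_string
from email.message import Message

# Skip's TO_HARVESTED rule from the thread, transcribed into a Python regex.
# re accepts this syntax unchanged; "\@" is simply a literal "@".
TO_HARVESTED = re.compile(
    r"\@(?:(?:(?:example|your|some)\.domain)"
    r"|(?:(?:example|your\.domain)\.com)"
    r"|your\.favou?rite\.machine)\b"
)

# IPv4 literal in square brackets, as MTAs write it into Received headers.
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def to_header_is_harvested(msg: Message) -> bool:
    """True if any To header matches the rule (SpamAssassin tests each instance)."""
    return any(TO_HARVESTED.search(value) for value in msg.get_all("To", []))


def connecting_ip(msg: Message):
    """IP of the host that handed the message to our MX.

    The topmost Received header is the one our own MX added, so its bracketed
    IP is the peer address the MX really saw. Received headers below it were
    written by other hosts and can say anything.
    """
    received = msg.get_all("Received", [])
    if not received:
        return None
    m = RECEIVED_IP.search(received[0])
    return m.group(1) if m else None


def ptr_via_socket(ip: str) -> str:
    return socket.gethostbyaddr(ip)[0]


def a_via_socket(name: str) -> list:
    return sorted({r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)})


def fcrdns(ip: str, ptr_lookup=ptr_via_socket, addr_lookup=a_via_socket):
    """Forward-confirmed reverse DNS: the two `host` commands from the thread.

    Returns (ptr_name, confirmed). The PTR alone proves nothing, since whoever
    runs the reverse zone for the IP can put any name there; it only counts
    when that name resolves forward to the same IP, because the forward answer
    comes from the owner of the named domain.
    """
    try:
        name = ptr_lookup(ip)
    except OSError:
        return None, False
    try:
        forward = addr_lookup(name)
    except OSError:
        return name, False
    return name, ip in forward


def analyse(raw: str, ptr_lookup=ptr_via_socket, addr_lookup=a_via_socket) -> dict:
    """Run both checks over a raw message and return the findings."""
    msg = message_from_string(raw)
    ip = connecting_ip(msg)
    name, confirmed = fcrdns(ip, ptr_lookup, addr_lookup) if ip else (None, False)
    return {
        "to_harvested": to_header_is_harvested(msg),
        "connecting_ip": ip,
        "ptr": name,
        "fcrdns_ok": confirmed,
        # Only meaningful when fcrdns_ok; an unconfirmed PTR can claim anything.
        "from_google": bool(confirmed and name and name.endswith(".google.com")),
    }


# Constructed sample message (not a real capture). The Received line carries the
# IP and PTR name quoted in the thread; the To header holds a placeholder address
# of the kind the rule targets.
SAMPLE_MESSAGE = """\
Received: from qb-out-1314.google.com (qb-out-1314.google.com [72.14.204.173])
\tby mx.example.org with ESMTP; Mon, 1 Jan 2007 00:00:00 +0000
From: nobody@gmail.com
To: user@example.org, someone@your.domain
Subject: test

body
"""

# Offline stand-in for DNS. 72.14.204.173 carries the thread's real answers;
# 198.51.100.7 (TEST-NET-2, constructed) has a PTR that claims google.com but
# does not confirm forward, which is what a spoofed reverse zone looks like.
FAKE_PTR = {"72.14.204.173": "qb-out-1314.google.com",
            "198.51.100.7": "qb-out-1314.google.com"}
FAKE_A = {"qb-out-1314.google.com": ["72.14.204.173"]}


def fake_resolver(table: dict):
    """Dict-backed lookup that fails the way the socket functions do."""
    def lookup(key):
        if key not in table:
            raise OSError(f"no fake DNS entry for {key}")
        return table[key]
    return lookup


def fcrdns_offline(ip: str):
    return fcrdns(ip, fake_resolver(FAKE_PTR), fake_resolver(FAKE_A))


def analyse_offline(raw: str = SAMPLE_MESSAGE) -> dict:
    """analyse() against the fake resolver, so it runs without network."""
    return analyse(raw, fake_resolver(FAKE_PTR), fake_resolver(FAKE_A))


if __name__ == "__main__":
    for key, value in analyse_offline().items():
        print(f"{key}: {value}")
```

Running it on the sample shows the To header firing TO_HARVESTED and the connecting IP confirming both ways to qb-out-1314.google.com, which is the same conclusion the thread reaches with `host`. The whois step has no offline equivalent here; the forward confirmation is the part that matters, since it is the only one of the three lookups the sender cannot influence by controlling the reverse zone.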