> Is it pretty much the same body, just different senders? Yes and no. They are all the same body layout, some with different items in it. You can take a look at the body content here (screen captures of the content):
http://www.localassociates.com/?page_id=7 Wares range from auto warrantee's to shoes. Anyway, Header: http://pastebin.com/m51fd9344 body: http://pastebin.com/m7fe4c798 Please note, I use a perl script for doing the SA check. If the score is lower than a specific user threshold then the original email is attached. In the cases of all of these emails, they are to my personal account (or our testing accounts). So, no headers doesn't equal bad. Each message is indeed checked. I'm going to turn on debugging on one of the SA servers and see what the logs report for these actual requests (which will have to wait for 4 hours or so -- when most of the clients aren't using email). > > If it's just the senders you could easily blacklist the domains, none > of these domains look all that legit. I was thinking that would be the easy way to fix these couple domains, but I'm sure they have more bogus ones as well. > Can you copy a message or two (with full headers) to pastebin so we > can have a look? > > --Dennis
