> Is there a possibility of identifying the country where a domain is
> registered. Identyfying by tld seems in-correct
ifplugin Mail::SpamAssassin::Plugin::RelayCountry
header RELAY_IN X-Relay-Countries =~ /\bIN\b/
describe RELAY_IN Relayed through India
score RELAY_IN 1.0
header RELAY_STAR X-Relay-Countries =~ /\*\*/
describe RELAY_STAR Relayed through RFC1918
score RELAY_STAR 0.1
# Note that the "X-Relay-Countries" header is by default a pseudo
header
# that isn't actually added to the message, but can be matched by
rules
# and used by bayes.
# See also:
# Docs for Relay Country
#
http://spamassassin.apache.org/full/3.1.x/dist/doc/Mail_SpamAssassin_Plugin_RelayCountry.html
# Docs for IP::Country
# http://www.annocpan.org/~NWETTERS/IP-Country-2.22/lib/IP/Country.pm
# List of ISO 3166 2-character country codes
# http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
endif # Mail::SpamAssassin::Plugin::RelayCountry
more strict rule meta it with spf or dkim on sender domain
exsample headers for RU tld
# header __HRD_SENDER_RU From:addr =~
/@((([a-zA-Z0-9])|\.|\-)+)\.ru(\.?)$/i
# header __HRD_RECIPIENT_RU From:addr =~
/@((([a-zA-Z0-9])|\.|\-)+)\.ru(\.?)$/i
# header __HDR_ENVFROM_RU EnvelopeFrom:addr =~
/@((([a-zA-Z0-9])|\.|\-)+)\.ru(\.?)$/i
# header __HDR_RCVD_RU Received:raw =~
/from([[:blank:]]+((([a-zA-Z0-9])|\.|\-)+)\.ru(\.?)[[:blank:]])/i
# meta HDR_CCTLD_RU __HRD_SENDER_RU || __HRD_RECIPIENT_RU ||
__HDR_ENVFROM_RU || __HDR_RCVD_RU
# score HDR_CCTLD_RU 0.01
if your mta is postfix then check Return-Path header
