Problem is, the from adddress is often a "Joe job" - i.e., a forged address, so the domain mentioned there likely doesn't have anything to do with the actual source of the mail. It seems to me that if the domain isn't the actual source of he spam, it can be detrimental to be filtering on it, particularly if Bayes is learning from it or your MTA auto-reports it to RBLs.
YMMV... ...Kevin ________________________________________ From: Franck Martin [fmar...@linkedin.com] Sent: Wednesday, July 31, 2013 10:05 AM To: Ralf Hildebrandt Cc: <users@spamassassin.apache.org> Subject: Re: Creating new rules On Jul 31, 2013, at 7:56 PM, Ralf Hildebrandt <ralf.hildebra...@charite.de> wrote: > * Franck Martin <fmar...@linkedin.com>: > >> I looked at http://spamassassin.apache.org/tests_3_3_x.html could not find >> any rule that do the above. Please help. > > That's a bit odd. I found it being mentioned here: > > http://www.spamhaus.org/faq/section/Spamhaus%20DBL#287 > http://spamassassin.1065346.n5.nabble.com/enabling-SpamHaus-DBL-td55862.html > http://svn.apache.org/repos/asf/spamassassin/trunk/rules/25_uribl.cf > > and by all means it should be enabled by default. > Ah yes, I saw these rules, but this is to check the domains of urls in the messages, not to check for instance that the domain used in the From: header is on the DBL.
