Hello,
Recently I got a pump-and-dump spam that got through because of a
significant score amount being subtracted by matching the
RP_MATCHES_RCVD rule.
When investigating the headers, I've observed the following:
...
Received: from unknown (HELO localhost) ([email protected]@223.229.72.179)
by diply-magpie.volia.net with ESMTPA; Tue, 13 Aug 2013 06:51:46 +0200
X-Originating-IP: 223.229.72.179
From: [email protected]
...
I suspect that the intentionally malformed address in Received triggers
the rule.
Regards,
Adrian