On Thu, 23 Jan 2014, RW wrote:
On Tue, 21 Jan 2014 09:50:13 +0100
Michael Monnerie wrote:
Am 20.01.2014 09:54, schrieb Michael Monnerie:
That should not matter. I want to say "if there is a bill claiming
to be from vodafone, then there MUST NOT be any link to anything
else than https?://vodafone.de". Any idea how I could check for
this?
Is this possible?
So I want to catch a real-looking vodafone bill that has any URI
to another domain. Also, as Vodafone uses SPF, I'd like to check
if I hit VODAFONEgood && !SPF signature in the mail.
this is complicated since you belive phishes only have this domain
as sender, url and envelope can match, and this would be great if
thay do, but its hard to figure out for spamassassin with domains
is forged or not based on this
I mean: if there's a mail whose context says it's a bill from
Vodafone, then it should be from Vodafone and have a correct SPF
signature.
And can we check this?
Dave Funk gave you a better suggestion: whitelist authenticated
vodaphone emails and create some aggressive rules to catch the fakes.
More to the point; create aggressive rules to catch -any- message that
claims to be a vodafone bill (real or fake) and whitelist_auth vodaphone emails.
This way you don't have to try to figure out exactly how to identify
the fakes, you just push all "vodafone bill messages" off the cliff
and count on the whitelist_auth rule to be a safety net that will
rescue the real ones.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
