On Thu, 2015-02-12 at 19:48 -0500, Alex Regan wrote: > So shouldn't there be a rule for a rule that claims to come from Amazon > but does not pass through any of its servers? > In some cases the Message-ID header can help: I have a rule that adds a point or two to messages with my own Message-ID and for messages that have a non Yahoo From: address but carrying a Yahoo Message-ID (dumb script-kiddies feeding spam through Yahoo).
I have no idea if this approach would work for Amazon, but in any case Message-ID tests should never be used alone: used them as components of a meta. I like the blacklist/whitelist_auth trick. Martin
