On Sep 28, 2015, at 3:55 PM, RW <rwmailli...@googlemail.com> wrote: > > YMMV but I find that in deep received headers "may be forged" is a > slight ham indicator. That's why I suggested limiting the match to the > MX server's received header.
In that case it likely couldn't be a distributed rule, unless it could make use of trusted_networks or some similar setting to know which is the correct header... are you recommending keeping this a manual rule only? Thanks. --- Amir thumbed via iPhone
