On Fri, 25 Mar 2016 09:47:00 +0000 Cedric Knight wrote: > On 25/03/16 00:55, Alex wrote: > > Hi, > > > > First, I'm wondering why parking.ru isn't among the freemail > > domains? > > Probably because the FreeMail plugin is designed to detect the > right-hand side of email addresses for providers like Gmail and AOL, > and parking.ru looks like a general-purpose web host. Does it offer > free email service @parking.ru?
It doesn't actually matter whether it's free - freemail is a bit of a misnomer. It is, as you say, a list of domains used in email addresses. That makes it much less effective on received headers because it's very common for freemail providers to use separate domains for server names. It's also worth bearing in mind that legitimate mail from commonly spoofed domains may be forwarded through freemail servers. > > I'm reading through the FREEMAIL_* rules, and wondered, how can I > > build a rule that looks to see if email was passed through a > > freemail domain? > > > > I realize there's FREEMAIL_FROM, etc. I'm interested in something > > like FREEMAIL_RECVD or something similar. > > > Having knowledge that a freemail sender was used in a spoof/phish > > attempt I believe would be helpful.
