> Thanks for quick reply, but blacklist what?
> The problem is I do not know this spammy domains.
> I want to give a score when To: field is NOT in anyaddress@mydomain.com
If only it were that easy.
You'll notice that recipients of this mailing list receive mail to the
mailing list address, not to each recipient.
You might have better luck building a meta rule that combines the "To:"
field with something else, like a body rule or lack of presence of an
SPF record, etc.
You might also consider building rules based on email !__MYDOMAIN, and
excluding cases like this mailing list, then otherwise adding points
that would normally be overcome by a proper SPF record or Envelope From
address, for example.
You should submit a few of these emails to pastebin.com where we can
analyze them more thoroughly for other patterns.
Regards,
Dave
> <mailto:anyaddress@mydomain.com>
>
> cheers
> Miki
>
>
> wt., 20 pa? 2020 o 20:25 Benny Pedersen <me@junc.eu <mailto:me@junc.eu>>
> napisa?(a):
>
> Miki skrev den 2020-10-20 21:19:
> > Let's say my domain is mydomain.com <http://mydomain.com> [2].
> 99% of all the e-mails have:
> > To: miki@mydomain.com <mailto:miki@mydomain.com>
> > But some e-mails, most likely sent using BCC are coming with:
> > To: anyuser@anydomain.com <mailto:anyuser@anydomain.com>
> >
> > Nearly all of them are spam.
>
> blacklist_to then
>
> set blacklist_from to same
>
> this is forged protecting safe
>
> and yes its not fool proff since bcc can be used on remote
>