- 论坛徽章:
- 0
|
最近公司内有同事总能收到以自己名字发送的垃圾邮件。
查看邮件的原始信息后,发现是 有人伪造的发信人地址,假冒该同事的名义发信
我查看了一些文章,大部分都认为可以通过SPF来杜绝这个问题。
可是我们单位有很多客户的企业邮箱并没有做 txt记录的解析
如果使用SPF,那么就会造成大量客户邮件的丢失
所以,这个方法恐怕不能使用
垃圾邮件原始信息大致如下:
krobinso@efw.com 伪造 ryan@cu.com为发件人,发给ryan@cu.com
Return-Path: <krobinso@efw.com>
Delivered-To: <ryan@cu.com>
Received: (qmail 15524 invoked by uid 510); 18 Sep 2007 11:25:16 -0000
Received: by simscan 1.2.0 ppid: 15476, pid: 15519, t: 3.7486s
scanners: attach: 1.2.0 clamav: 0.88.4/m:41/d:2379 spam: 3.1.3
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on
mail.cu.com
X-Spam-Level:
X-Spam-Status: No, score=-97.1 required=15.0 tests=BAYES_50,DOMAIN_RATIO,
HTML_90_100,HTML_IMAGE_ONLY_28,HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,
MIME_HTML_ONLY,UNPARSEABLE_RELAY,USER_IN_WHITELIST autolearn=no
version=3.1.3
Received: from unknown (HELO alex-61b194e815) (85.18.136.103)
by mail.cu.com with SMTP; 18 Sep 2007 11:25:13 -0000
Received-SPF: none (mai.cu.com: domain at efw.com does not designate permitted sender hosts)
Received: from Lemuel Harding (10.16.13.14) by alex-61b194e815 (PowerMTA(TM) v3.2r4) id hfp86o76d92j96 for <ryan@cu.com>; Tue, 18 Sep 2007 01:24:56 +0100
Message-Id: <20070918022456.26300.qmail@alex-61b194e815>
To: <ryan@cu.com>
Subject: RE: September 70% OFF
From: Viagra.com Inc <ryan@cu.com>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
能不能通过检测,发件地址和回信地址知否相同来过滤呢?
如:
Return-Path: <krobinso@efw.com>
From: Viagra.com Inc <ryan@cu.com>
Mailfilter 能够解决么?该如何写这个规则呢?
请大家帮帮忙~~~谢谢! |
|