--AccuSpam <support(_at_)accuspam(_dot_)com> wrote:
Will the PRA enable me to say this is a forgery?
Doing domain reputation of "sina.com" (or change it to "hotmail.com"
hypothetically) could cause many false positives, and this would apply
even if Return-Path == From.
The PRA would attempt to validate the From: address, not the Return-Path.
So it would do the same sort of checking as SPF Classic, but would use
excite.com instead of sina.com
The only ways I see to possibly catch a spam like this without causing
false positives is to use a much higher degree of cross-correlation (I
will not elaborate).
Other ways of catching spam besides SPF are interesting, but I won't write
about them here, because that would be off-topic for this list.
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>