[exim] Transparently faked domains

Author: Marcin Krol
Date:
To: exim-users
Subject: [exim] Transparently faked domains
Hello everyone,

Recently I received this spam:

X-Spam-Status: No, score=3.0 required=5.0 tests=AWL,BAYES_00,HTML_MESSAGE,
HTML_OBFUSCATE_20_30,MIME_HTML_ONLY,OBFUSCATING_COMMENT,UNPARSEABLE_RELAY
autolearn=no version=3.2.0
Received: from oldieszuhause.de ([212.227.100.209]:60637)
by da2.domeny.com with esmtp (Exim 4.67)
(envelope-from <s.wyczawski@???>)

Obviously, the envelope-from address is faked. This got me thinking -
suppose we used the following algorithm:

1. Get revdns name for incoming IP.

2. Extract the domain from the envelope-from address. Remove the leftmost
subdomain (radca.lex.pl -> lex.pl) (this is done for the sake of large email
providers who send mail from hosts that are not their MXes, something like
smtp43.someprovider.com for outgoing mail and smtp.someprovider.com for
incoming mail).

3. If string 2 doesn't contain string 1 (the revdns name), the domain is
faked, and this could be used for things like increasing the SA score or
doing fakereject in Exim.

Could this work? Pros? Cons?

--
Marcin Krol
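The three-step heuristic from the post, written out as an added example (this is not code from the post or from Exim). It takes the reverse-DNS name as an input rather than doing a live lookup (in an Exim ACL that value would come from $sender_host_name), and reads step 3 in the direction that makes the comparison meaningful: the reverse-DNS name must equal, or be a subdomain of, the stripped envelope-from domain. The Received header below is constructed from the one quoted in the post; its envelope-from domain is masked in the post, so redacted-sender.example stands in as a placeholder. The parser assumes, as the post does, that the name after "from" in the Received line is the reverse-DNS name.

```python
import re

# Matches the shape of the Exim-style Received header quoted in the post:
#   Received: from oldieszuhause.de ([212.227.100.209]:60637) ... (envelope-from <user@domain>)
RECEIVED_FROM_RE = re.compile(r"^\s*Received:\s+from\s+(\S+)\s+\(\[", re.IGNORECASE)
ENVELOPE_FROM_RE = re.compile(r"\(envelope-from\s+<([^>]*)>\)", re.IGNORECASE)


def parse_received(header: str) -> tuple[str, str]:
    """Step 1 (input side): pull (reverse-DNS name, envelope-from) from a folded
    Received header. The name after 'from' is assumed to be the reverse-DNS name."""
    text = " ".join(line.strip() for line in header.splitlines())
    host = RECEIVED_FROM_RE.search(text)
    env = ENVELOPE_FROM_RE.search(text)
    return (host.group(1) if host else "", env.group(1) if env else "")


def strip_leftmost_label(domain: str) -> str:
    """Step 2: drop the leftmost label, radca.lex.pl -> lex.pl.
    Two-label domains (someprovider.com) are returned unchanged so the
    check never degrades to a bare TLD."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) > 2:
        labels = labels[1:]
    return ".".join(labels)


def envelope_domain(envelope_from: str) -> str:
    """Domain part of '<user@domain>' or 'user@domain'; '' for the null sender '<>'."""
    addr = envelope_from.strip().strip("<>")
    if "@" not in addr:
        return ""  # bounces use the null sender, there is nothing to compare
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_sender(revdns_name: str, envelope_from: str) -> str:
    """Step 3: 'ok' when the reverse-DNS name is the stripped envelope domain or a
    subdomain of it, 'faked' when it is not, 'unknown' when either side is missing.
    The dot-prefixed suffix test keeps notlex.pl from matching lex.pl."""
    host = revdns_name.lower().rstrip(".")
    domain = envelope_domain(envelope_from)
    if not host or not domain:
        return "unknown"
    base = strip_leftmost_label(domain)
    if host == base or host.endswith("." + base):
        return "ok"
    return "faked"


def check_header(header: str) -> str:
    """Run the whole algorithm over one Received header."""
    return check_sender(*parse_received(header))


# Constructed sample modelled on the header in the post; the envelope-from
# domain is a placeholder because the post masks it.
CONSTRUCTED_HEADER = """Received: from oldieszuhause.de ([212.227.100.209]:60637)
\tby da2.domeny.com with esmtp (Exim 4.67)
\t(envelope-from <s.wyczawski@redacted-sender.example>)"""


if __name__ == "__main__":
    print(check_header(CONSTRUCTED_HEADER))                                  # faked
    print(check_sender("smtp43.someprovider.com", "<alice@someprovider.com>"))  # ok (provider case)
    print(check_sender("mail.radca.lex.pl", "<bob@radca.lex.pl>"))           # ok (stripped to lex.pl)
    print(check_sender("", "<bob@radca.lex.pl>"))                            # unknown (no rDNS)
```

The "unknown" verdict is the case a practitioner has to decide about before using this to raise a SpamAssassin score or fakereject: hosts with no reverse DNS at all, and bounces from the null sender, give the heuristic nothing to compare, and treating them as "faked" would be a different policy than the one described in the post.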