I have a ruleset that alerts admins if a person from a certain domain name sends an email with a virus.... the problem is that some of these rampant email viruses forge the "From:" addresses..... causing the admins to get alerted when they shouldn't.... Is there any way to create a ruleset that would be used based on the real