SV: Spoofed email and SPF

Mark Sapiro mark at
Fri May 6 04:44:33 UTC 2016

On 05/02/2016 03:28 AM, Trond M. Markussen wrote:
> Thanks for the input.
> Any suggestions as to the format of such a meta rule? Would this possibly
> create false positives if sent from that domain to other domains (using the
> same spam filtering)?

If the domain is '' and you also want sub_domains

header   _FROM_BAD_DOMAIN From =~/[@.]example\.com(>|\s|$)/i
score BAD_DOMAIN 1000

the regexp in the header rule is fussier than many would use because it
only matches if is followed by '>', white space or the end
of string.

I don't know what you mean by "other domains (using the same spam

This would be your local rule in your spamassassin. If the message
scanned by your spamassassin hits SPF_FAIL and is from the bad domain it
will be given a score of 1000.

This won't affect messages From: the domain that don't hit SPF_FAIL and
it won't affect anyone else's spamassassin unless they too install this

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list