I'm researching and trying to write an SA rule to detect forged gmail traffic, does anyone has anything done like this?<br><br>i was thinking in some message id structure, and the precense of DKIM data.<br><br>any advice would be aprecciated,<br>
<br>eduardo.<br><br>PD: cant block for invalid spf<br>