[SUGGESTION]Add SPF and DMARC result at header

Forum Home

[SUGGESTION]Add SPF and DMARC result at header Tommy
[SUGGESTION]Add SPF and DMARC result at header Tommy
[SUGGESTION]Add SPF and DMARC result at header Synametrics Support

From:	Tommy
Date:	5/11/21 3:34 AM
Topic:	[SUGGESTION]Add SPF and DMARC result at header
Type:	General Discussions
Post a follow up

There is a kind of spams,using dailup ip and forged hotmail to send. IP,subject,Body change time to time,maybe hundreds of ip and will send thousands of such spams daily. Though the server can detected it as spams,but housands of such spams at quarantine is trouble for you.

If SPF result and DMARC result at header,maybe i can set a rule: if header contains: transitioning domain of hotmail.com does not designate,then set very high score and delete it.

Received: from [(223.199.18.110)] by server with Xeams SMTP; Tue, 11 May 2021 10:00:19 +0800 (CST)
X-SM_EnvelopeFrom: dvbngggiuy@hotmail.com
X-SM_SENDER_IP: 223.199.18.110
X-SM_HeloStrInEnvelope: ehlo hotmail.com
X-SMRecipient: xiedang@xxxx.com
X-SM_RECEIVED_ON: Tue, 11 May 2021 10:00:19 +0800 (CST)
From: dvbngggiuy@hotmail.com
Subject: =?GB2312?B?QbT66V+3osaxMTUyLTk2NTktMDgxMg==?=
To: xiedang@xxxx.com
Content-Type: text/plain;charset="GB2312"
Content-Transfer-Encoding: 8bit
Date: Tue, 11 May 2021 10:00:13 +0800
X-Priority: 3
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-SMForgedSender: yes

Received: from [(112.66.255.133)] by server with Xeams SMTP; Tue, 11 May 2021 09:54:57 +0800 (CST)
X-SM_EnvelopeFrom: zxsatjd@hotmail.com
X-SM_SENDER_IP: 112.66.255.133
X-SM_HeloStrInEnvelope: ehlo hotmail.com
X-SMRecipient: liangan@xxxx.com
X-SM_RECEIVED_ON: Tue, 11 May 2021 09:54:57 +0800 (CST)
From: zxsatjd@hotmail.com
Subject: =?GB2312?B?1f255reixrExMzQyMzkxMzYzOA==?=
To: liangan@xxxx.com
Content-Type: text/plain;charset="GB2312"
Content-Transfer-Encoding: 8bit
Date: Tue, 11 May 2021 09:54:51 +0800
X-Priority: 3
X-Mailer: Foxmail 4.1 [cn]
X-SMForgedSender: yes

Received: from [(223.199.26.89)] by server with Xeams SMTP; Tue, 11 May 2021 10:50:49 +0800 (CST)
X-SM_EnvelopeFrom: mkjhy@hotmail.com
X-SM_SENDER_IP: 223.199.26.89
X-SM_HeloStrInEnvelope: ehlo hotmail.com
X-SMRecipient: hlw@xxxx.com
X-SM_RECEIVED_ON: Tue, 11 May 2021 10:50:49 +0800 (CST)
From: =?GB2312?B?wdbPyMn6?= <mkjhy@hotmail.com>
Subject: =?GB2312?B?v6rGsWwzNTMwbDQyODk2?=
To: hlw@xxxx.com
Content-Type: text/plain;charset="GB2312"
Content-Transfer-Encoding: 8bit
Date: Tue, 11 May 2021 10:50:44 +0800
X-Priority: 3
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-SMForgedSender: yes

Top

From:	Tommy
Date:	5/11/21 8:13 PM
Topic:	[SUGGESTION]Add SPF and DMARC result at header
Type:	General Discussions
Post a follow up

If using postfix,you can easily set up an header filter to block such spams,no matter how many they send,all blocked:

/^Received-SPF: softfail \(hotmail\.com/ REJECT Forged email decleard from hotmail.com!

Top

From:	Synametrics Support
Date:	5/12/21 10:03 AM
Topic:	[SUGGESTION]Add SPF and DMARC result at header
Type:	General Discussions
Post a follow up

When a message gets quarantined, that essentially means it was blocked.

If you like, increase the score a bit so the message goes beyond the deletion threshold. In that case, Xeams will simply delete the message.

Top

Community/Enterprise Edition