
EFM and forged "from" addresses?


pdstein
09-16-2002, 08:39 AM
Is there a way using EFM to block spam coming from companies forging the from field? It seems like half the spam I receive says it's from a hotmail or yahoo address. Blocking all hotmail and yahoo addresses obviously isn't a good solution, and blocking the specific address in the "from" field probably won't help much either, as spammers tend to only use the same forged email address once.

Thanks,
Paul

kitchin
09-16-2002, 12:16 PM
You can set EFM to try to find an "open relay" between the sender and you. An open relay is a relay that allows spammers to forge.

sheila
09-16-2002, 01:13 PM
Paul,

There is no way for EFM to know whether a From field is forged or not. At least not at this time.

Probably kitchin's suggestion of using the DNS BL lists (i.e. bl.spamcop.net, relays.ordb.org and list.dsbl.org) is a good option.

While it is not necessary to use an open relay to forge the From field, in many cases the two do go hand in hand. If you choose to enable the UCE BL lists, I would recommend that you follow the links in EFM that point to those sites for further information. Not all of them list open relays. Each BL list has its own criteria and its own way of determining which IP addresses to list.

pdstein
09-16-2002, 04:24 PM
Thanks for the replies. I have always selected the option to "Use UCE Blacklists" but I still get tons of spam.

I guess I was hoping I could go into an email and look at the header information for the first instance where it says:

Received: from <hostname> [IP Address]

And then block that IP address. There's no way to do that is there?

sheila
09-16-2002, 08:27 PM
Yes, you can filter on either the hostname or the IP address in the received lines.

http://www.aota.net/forums/showthread.php?postid=63895#post63895

See the above post for details/config picture. However, instead of entering the country TLD extensions in the window, as shown in the linked example above, enter the IP address or hostname.

Note: the discussion linked above indicates that the received line filtering does not work correctly. That was in a previous version of the script, and that bug has been fixed. Received line filtering does work, and I use it myself quite successfully.

Hope this will help!
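Sheila's answer says EFM can filter on the hostname or IP address found in the Received lines. As an added example (not EFM's own code), the following Python parses the Received headers of a constructed sample message, pulls out each hop's hostname and IP, and checks them against a block list of IP ranges and hostname suffixes; the regex, the sample message and the function names are assumptions, not anything from EFM.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Assumed pattern for "Received: from <host> [ip]" and the common
# "from <helo-name> (<reverse-dns> [ip])" form; the IP is the first "[...]" after "from".
RECEIVED_RE = re.compile(
    r"from\s+(?P<host>[\w.\-]+)[^\[]*\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]", re.I
)

def received_hops(raw_message):
    """Return (hostname, ip) per Received header, in header order (newest hop first).

    Only the Received line added by your own server is trustworthy; the lines
    below it were written by earlier relays and can be forged by the sender.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header first
        if m:
            hops.append((m.group("host").lower(), m.group("ip")))
    return hops

def blocked_hop(raw_message, blocked_ips, blocked_hosts):
    """Return the first hop matching a blocked IP/CIDR or hostname suffix, else None."""
    nets = [ip_network(x, strict=False) for x in blocked_ips]
    for host, ip in received_hops(raw_message):
        addr = ip_address(ip)
        ip_hit = any(addr in n for n in nets)
        host_hit = any(host == h or host.endswith("." + h) for h in blocked_hosts)
        if ip_hit or host_hit:
            return (host, ip)
    return None

# Constructed sample message (documentation addresses only); the hotmail From is forged.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.example.org with ESMTP id abc123
    for <paul@example.org>; Mon, 16 Sep 2002 08:00:00 -0400
Received: from relay.badhost.example [203.0.113.45]
    by mx.example.net with SMTP; Mon, 16 Sep 2002 07:59:00 -0400
From: someone@hotmail.com
Subject: test

body
"""

if __name__ == "__main__":
    print(received_hops(SAMPLE))
    print(blocked_hop(SAMPLE, ["203.0.113.0/24"], ["badhost.example"]))
```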

pdstein
09-17-2002, 08:20 AM
Thank you! I will give it a try.

- Paul