
Feature Request

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=3932
Printed Date: 21 March 2025 at 1:30am


Topic: Feature Request
Posted By: Guests
Subject: Feature Request
Date Posted: 07 July 2004 at 10:43am

I just had this idea after dealing with a bunch of paypal scam emails trying to steal people's cc's and paypal account info.  How about a filter where you can feed it a domain name and it checks the hostname that it gets when doing a reverse dns lookup with the domain name of the email from address.

For example, obviously legitimate email from whoever@paypal.com is going to come from an IP address that reverse DNS back to paypal.com.  If it reverses back to chartertn.net, comcast.com, bellsouth.net, etc then it's obviously a scam since paypal has their own domain.  Doing a search for paypal.com in all the spam filter logfiles made this very apparent to me as to which were legit and which were fake and some of the fake ones are using legitimate return addresses from paypal.com such as payment@paypal.com and are using IP addresses at random so I have no way of blocking these without this sort of feature.




Replies:
Posted By: Desperado
Date Posted: 07 July 2004 at 2:09pm

Nice idea on the surface but .... once paypal supports SPF, the issue should reduce.  Also, my strategy, which is working so far is as follows:

In my Blocked From list:

*@paypal.com

in my KeywordWhiteList:

https://www.paypal.com

If there is an actual link to an SSL page at paypal, then I accept the message.   I have received no more paypal scams as a result and all my customers still get valid paypal email because ALL seem to have that link somewhere in the message body.

Just my input.

Dan S.



Posted By: Guests
Date Posted: 07 July 2004 at 3:21pm
Thanks for the idea there!  I never thought about manipulating it that way by whitelisting the ssl URL and blacklisting the email addresses.  I can't believe I never thought of that one before...lol.


Posted By: Desperado
Date Posted: 07 July 2004 at 3:32pm

Fred,

The idea popped into my head while I was in the shower of all places but I also spent some time on the phone with PayPal and that's where the idea solidified so don't feel too bad!

Dan S.

 



Posted By: Guests
Date Posted: 07 July 2004 at 4:24pm

FYI, I just received a response to a Buyer Complaint I sent in to PayPal and their response from service@paypal.com did not have the SSL link you mentioned.  The only link in the email was to their unsecured Security Tips page.



Posted By: Guests
Date Posted: 07 July 2004 at 4:47pm

Ok...now I just got one for ebay.com along the same lines ROFL.  Think the same method will work for it too?  Perhaps I should check with ebay.com.  This is nuts..lol.  I did a tracert of the IP address in the fake link on both of them and sent abuse notices to the ISPs being used and in ebay's case, I also sent a copy to ebay.com.  I'm sure even if it does get shut down though it'll pop up somewhere else soon.

I have a word for describing these people along with spammers and spyware authors but I'll refrain from saying it on such a public forum. :-)



Posted By: Guests
Date Posted: 07 July 2004 at 4:52pm
One common denominator in both scam emails I've received...ebay and paypal is that the REAL hyperlink points to a numeric IP address/~secure/ebay or /~secure/paypal. Perhaps that is what should be blacklisted?


Posted By: Desperado
Date Posted: 07 July 2004 at 5:24pm

I filter ALL "dotted IP" in an http link in email.  If you have a legit site, put real DNS on it ... that's my attitude.  Also,  I have a lot of nice strong trees and some very good rope ... for the Spammers of course.

Dan S.



Posted By: Guests
Date Posted: 07 July 2004 at 7:02pm
What wildcard keyword flags all dotted IPs in a URL in email? Or am I missing something?


Posted By: Desperado
Date Posted: 07 July 2004 at 7:31pm

Fred,

You need to use a RegEx (Regular Expression)

Dan S.



Posted By: Guests
Date Posted: 07 July 2004 at 7:36pm
Thanks...never taken the time to understand regex yet, but I found one of your posts on how to block them using a regex you posted.  Way cool!  That'll have a major effect on these types of emails.
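
A filter for the dotted-IP links discussed in this thread, as an added example: it is not part of the thread, not the regex Desperado refers to, and not Spam Filter ISP's own code. The function names and the sample message (using a documentation-range address) are constructed for illustration; it checks the real `href` target rather than the displayed text, and also catches IPv6 literal hosts, which goes slightly beyond the thread.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Bare http(s) URLs, for plain-text parts and visible link text.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


class HrefCollector(HTMLParser):
    """Collects <a href> targets: where a link really goes, not what it displays."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def is_ip_host(url):
    """True if the URL's host is an IPv4 dotted quad or an IPv6 literal."""
    try:
        host = urlsplit(url.strip()).hostname
        ipaddress.ip_address((host or "").rstrip("."))
        return True
    except ValueError:  # DNS name, no host at all, or malformed URL
        return False


def ip_literal_links(body):
    """Return, in order and without duplicates, the links in body with an IP host."""
    collector = HrefCollector()
    collector.feed(body)
    candidates = dict.fromkeys(collector.hrefs + URL_RE.findall(body))
    return [u for u in candidates if is_ip_host(u)]


# Constructed sample: the visible text shows a paypal.com URL, the href does not.
SAMPLE = """<html><body>
<p>Please confirm your account:</p>
<a href="http://192.0.2.10/~secure/paypal">https://www.paypal.com/</a>
<p>Security tips: <a href="http://www.paypal.com/securitytips">here</a></p>
</body></html>"""

if __name__ == "__main__":
    for link in ip_literal_links(SAMPLE):
        print("reject:", link)
```
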


