SpamAssassin Rule: TVD_RCVD_IP
Standard description: None
Checks if the most recently addded Recieved: header begins with "from " followed by a hostname that starts with four groups of digits separated by non-alphanumeric characters (e.g. "." or "-").
This is usually an indication that the hostname is derieved from a public or private IPv4 address scheme. Since these types of addresses are commonly distrubuted to end users rather than mail servers they are often seen in spam sent directly from end user hosts.
Received: from 212-98-43-121.static.adslpremium.ch ([22.214.171.124]:3607 helo=xtqq.adslpremium.ch)
Received: from 126.96.36.199.client.lchost.net ([188.8.131.52] helo=smtp.fifambeie.co.uk)
On servers that also act as smarthosts for machines usually matching this pattern, this rule should be switched off.
The default scores for this rule can be found in the online list of tests.
Note: this rule (and TVD_RCVD_IP4) will also match IPv4 addresses not enclosed in square brackets. This is an implementation error in your mail server software, as IP addresses should be enclosed in brackets. See RFC 5321 §4.1.2.