SpamAssassin Rule: TVD_RCVD_IP

Standard description: None


Checks if the most recently addded Recieved: header begins with "from " followed by a hostname that starts with four groups of digits separated by non-alphanumeric characters (e.g. "." or "-").

This is usually an indication that the hostname is derieved from a public or private IPv4 address scheme. Since these types of addresses are commonly distrubuted to end users rather than mail servers they are often seen in spam sent directly from end user hosts.

For example:

On servers that also act as smarthosts for machines usually matching this pattern, this rule should be switched off.

Further Info

The default scores for this rule can be found in the online list of tests.

Note: this rule (and TVD_RCVD_IP4) will also match IPv4 addresses not enclosed in square brackets. This is an implementation error in your mail server software, as IP addresses should be enclosed in brackets. See RFC 5321 ยง4.1.2.


Rules/TVD_RCVD_IP (last edited 2011-09-09 13:19:01 by LeeMaguire)