GrayHat wrote: >> Is SPF the best way to handle bogus emails that came from whitelisted >> addresses? For instance, I have a popular banking website whitelisted, >> but occasionally will receive spam from the address that I whitelisted >> that obviously isn't from the bank. > > Could I know the domain name for that bank ? Asking that, since in some > cases, even if the bank doesn't publish an SPF record (which in the case > of banks and the like would be a *GOOD* idea) you may use the senderbase > whitelisting (latest 1.5.1 has it) to whitelist all the IPs belonging to > that bank > w/o having to whitelist an address... which may be spoofed :) the same > goes > for a number of organizations, you may set then up to "SPF strict" and > then > add their senderbase description (or regepx) to ASSP so that you'll > receive > all the valid emails from them but you'll also drop all spoofed ones :) >
The bank is Capital One, so capitalone.com. I have @email.capitalone.com whitelisted. Using ASSP Version: 1.5.1(RC 0.10.05). ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
