>I was basing it on the mail headers. Basically what your mail server reports
>itself as to my mailserver. I've since found that my assumptions were not 
>100% correct.

ALL mail headers can be forged.  Using easily forgeable Received: headers 
for validation is useless.

Here are the checks your MTA/MX can perform:

1. For IP of sending MTA

    a. require PTR record (avoid, too many false positives)

    b. require the PTR hostname and that hostname's A record match. Mostly 
reliable for detecting forgeries of frequently-forged @sender.domains, 
including your own (if you do your DNS correctly).  Find a list of 4000+ 
frequently forged domains at monkeys.com with A + PTR matching.

2. Helo/ehlo

    a. helo/ehlo command required
    b. helo/ehlo hostname required and/or be a FQDN (avoid, too many false
       positives)
    c. filter for "trick" hostnames

3. MAIL FROM:<[EMAIL PROTECTED]>
    a. require FQDN for sender.domain
    b. require that sender.domain have A and/or MX records


Len
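Worked example of the three check groups above (PTR / PTR-to-A match, HELO/EHLO, MAIL FROM domain). This is an added example, not code from the post or from any MTA; it runs against a constructed in-memory DNS table (every name and address in FAKE_DNS is invented) so it works offline, and OUR_HOSTNAME plus the "trick" HELO heuristics are assumptions of mine rather than something the post specifies. In a deployment you would replace `lookup` with live queries (socket.gethostbyaddr, dnspython) and wire `evaluate` into the MTA's policy hook.

```python
"""Sender sanity checks an MTA/MX can run on an inbound SMTP session.

Added example, not part of the original list post.  Implements the post's
three check groups against a constructed DNS table so it runs offline.
"""
import re

# Constructed zone data: every name and address here is invented for the demo.
FAKE_DNS = {
    ("PTR", "203.0.113.10"): ["mx1.example.net."],
    ("A", "mx1.example.net."): ["203.0.113.10"],
    ("MX", "example.net."): ["mx1.example.net."],
    # A host whose PTR name resolves to a different address (forward/reverse mismatch).
    ("PTR", "198.51.100.7"): ["mail.example.org."],
    ("A", "mail.example.org."): ["192.0.2.99"],
    ("A", "example.org."): ["192.0.2.5"],
}

# Assumed hostname of the receiving MX; a peer greeting us with our own name is lying.
OUR_HOSTNAME = "mx.receiver.example."

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def _fqdn(name: str) -> str:
    """Lower-case and append the trailing dot used as the table key."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def lookup(rrtype: str, name: str) -> list:
    """Stand-in resolver: returns the constructed records, or [] for NXDOMAIN."""
    return FAKE_DNS.get((rrtype, name), [])


def is_fqdn(name: str) -> bool:
    """At least two labels, each a valid DNS label, top label alphabetic."""
    labels = _fqdn(name).rstrip(".").split(".")
    return (len(labels) >= 2
            and all(_LABEL.match(label) for label in labels)
            and labels[-1].isalpha())


def check_ptr(ip: str) -> dict:
    """1a: does the IP have a PTR?  1b: does the PTR name's A record point back?"""
    ptr_names = lookup("PTR", ip)
    a_match = any(ip in lookup("A", n) for n in ptr_names)
    return {"ptr_present": bool(ptr_names), "ptr_a_match": a_match}


def check_helo(helo: str) -> dict:
    """2a-c: HELO given, is a FQDN, and is not an obvious 'trick' name.

    Trick heuristics are my own assumption, not from the post: a bare IP
    literal, 'localhost', or a claim to be the receiving host itself.
    """
    helo = helo.strip().lower()
    is_ip = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", helo) is not None
    trick = (helo in ("localhost", "localhost.localdomain")
             or is_ip
             or _fqdn(helo) == OUR_HOSTNAME) if helo else False
    return {"helo_present": bool(helo),
            "helo_fqdn": bool(helo) and is_fqdn(helo),
            "helo_trick": trick}


def check_mail_from(addr: str) -> dict:
    """3a-b: sender domain is a FQDN and has an A and/or MX record."""
    domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
    fq = bool(domain) and is_fqdn(domain)
    has_a_or_mx = fq and (bool(lookup("A", _fqdn(domain)))
                          or bool(lookup("MX", _fqdn(domain))))
    return {"sender_fqdn": fq, "sender_has_a_or_mx": has_a_or_mx}


def evaluate(ip: str, helo: str, mail_from: str) -> dict:
    """Run all checks for one SMTP session and return per-check booleans."""
    result = {}
    result.update(check_ptr(ip))
    result.update(check_helo(helo))
    result.update(check_mail_from(mail_from))
    return result


if __name__ == "__main__":
    for session in [("203.0.113.10", "mx1.example.net", "alice@example.net"),
                    ("198.51.100.7", "localhost", "bob@example.org"),
                    ("192.0.2.1", "", "eve@nodots")]:
        print(session, evaluate(*session))
```

The results are returned as separate booleans rather than one accept/reject verdict on purpose: as the post notes, some of these checks (bare PTR presence, strict FQDN on HELO) produce too many false positives to reject on alone, so a policy layer should decide which ones are hard failures and which only add to a score.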


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq