Al: Michael didn't say he was comparing the IP address to the domain in your email address. The SMTP server adds an extra header that specifies *its* domain and *its* IP Address. Those were the 2 values he was checking. So your situation would still work fine.
--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 625-9191
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/

> -----Original Message-----
> From: Al Musella, DPM [mailto:musella@;virtualtrials.com]
> Sent: Tuesday, November 12, 2002 4:35 PM
> To: CF-Talk
> Subject: Re: (Admin) New spam code
>
> I think you are forgetting situations like mine, which is probably very
> common..
> My website is co-located at an ISP. They also provide me with incoming
> mail for my email account. All of my DNS stuff says that
> virtualtrials.com 208.206.10.19 (or something like that:) is the mail
> server.
>
> Because this mail server is configured correctly, and it won't allow
> relaying of mail coming from outside of its network, I can't use it with
> my cable modem connection as an outgoing mail server, so I use my cable
> company's outgoing mail server, mail.optonline.net. My mail goes out with
> a header saying [EMAIL PROTECTED] but if you traced it back it actually
> comes from an unrelated domain, optonline.net
> Your system would say it's spam.. but it isn't.. that is just a common way
> of securing a mail server. If I had to follow your rules, my ISP would
> have to allow anyone to relay mail - since many customers are coming from
> outside the local network.
>
> Al
>
> At 06:49 AM 11/12/2002 -0500, you wrote:
> > > ALL mail headers can be forged. Using easily forgeable Received: headers
> > > for validation is useless.
> >True, but can they be forged properly is the question. I've caught enough spam
> >to see that it falls into specific patterns and if I can block half or more of
> >it because it falls into a pattern of having recognizably forged headers then
> >it's a good thing. I'm going to rewrite the function to just contain the IP
> >address checked so that if a machine announces itself as an IP and the IP does
> >not match the actual IP that sent the mail then it's spam. That's good for
> >10%-15% of the spam right there.
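Added example, not part of the original thread or anyone's posted code: a Python sketch of the check discussed above, comparing the IP a client announces in HELO with the peer IP the receiving server itself recorded in the top-most Received: header. It assumes the Postfix/sendmail-style layout `from <HELO> (<rdns> [<peer ip>])`; the function names, hosts and addresses are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumed layout (Postfix/sendmail style): "from <HELO> (<rdns> [<peer ip>]) by ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]*)\s*\[(?P<peer>[0-9A-Fa-f:.]+)\]\)"
)

def _as_ip(text):
    """Return an ip_address for a bare or [bracketed] IP literal, else None."""
    text = text.strip("[]")
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def check_helo_ip(raw_message):
    """Classify the top-most Received: header, the only one our own server wrote."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return "no-received"
    # Unfold the header before matching; folded lines carry newline + tab.
    m = RECEIVED_RE.search(" ".join(received[0].split()))
    if not m:
        return "unparsed"
    helo_ip, peer_ip = _as_ip(m.group("helo")), _as_ip(m.group("peer"))
    if helo_ip is None or peer_ip is None:
        return "helo-is-hostname"  # nothing announced as an IP, so nothing to compare
    return "match" if helo_ip == peer_ip else "mismatch"

# Constructed samples (documentation address ranges, not real traffic).
FORGED = (
    "Received: from 192.0.2.55 (unknown [203.0.113.9])\n"
    "\tby mx.example.net with SMTP; Tue, 12 Nov 2002 06:49:00 -0500\n"
    "From: offers@example.com\n\nbody\n"
)
# Al's situation: sender domain differs from the relay, HELO is a hostname.
RELAYED = (
    "Received: from mail.optonline.net (mail.optonline.net [198.51.100.7])\n"
    "\tby mx.example.net with ESMTP; Tue, 12 Nov 2002 16:35:00 -0500\n"
    "From: al@example.org\n\nbody\n"
)
HONEST = (
    "Received: from [198.51.100.20] (unknown [198.51.100.20])\n"
    "\tby mx.example.net with SMTP; Tue, 12 Nov 2002 16:40:00 -0500\n"
    "From: user@example.org\n\nbody\n"
)
```

Only the `mismatch` result corresponds to the pattern described in the thread; the relayed sample is not flagged because the From: domain never enters the comparison.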

