[This would best be discussed in the Declude Virus mailing list]
>We've seen Klez.E, Klez.H and now Bugbear falsifying from addresses. How
>long before Declude will give you the option to have it use the domain name
>from the headers and add abuse@ in front of the actual originating sending
>mail server, rather than relying on the from address? Especially for those
>viruses that falsify the from address.
The problem is that there is no way to know for sure the sending domain --
although most mailservers will send their host name, some viruses will
forge that, too.
>I don't think we will ever be able to get rid of these types of viruses
>unless there is some way to accurately send messages to where the message
>truly originates, rather than what the domain name in the from address is.
>
>Any thoughts? From what I've seen, the originating mail server in the
>headers is usually not falsified.
With some viruses it is.
However, we have been considering adding IPWHOIS lookup support, to send to
the appropriate location. However, that is a lot of extra code, and the
IPWHOIS information isn't always accurate.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
