Adam Katz wrote, On 2/02/10 8:53 AM: > You spoke of the To: address. What about the sender? Would this do? > > def_whitelist_auth *[email protected]
The sender isn't *[email protected] When I buy something paying with Google Checkout, Google provides the vendor with a single-purpose *[email protected] address that they can use to reach me. The vendor sends mail to that address and Google forwards it to me. I tried sending an email to a bogus checkout.l.google.com address with a Bcc to my gmail address. The copy to the To address was rejected of course, but the Bcc arrived in my mail box with headers that I can't distinguish from the mail that I got from a vendor that was sent to me via the real checkout.l.google.com address. The MX records for gmail.com and l.google.com are the same. Of course I can whitelist the vendor, but what I'm trying to do is figure out if it is possible to find some characteristic of the email that can be used for a general nice rule for such Google Checkout forwarded mail. -- sidney
