--On 4 July 2006 20:54:37 +0200 Renaud Allard <[EMAIL PROTECTED]> wrote:
> There is nothing in those headers that suggests they have been > authenticated on your servers. They _may_ have been authenticated at > 204.9.186.196 (Florida), but nothing 100% sure. > Anyway, you should request that everything coming from > [EMAIL PROTECTED] is either authenticated, either coming from a > trusted or known IP. Many will suggest this is like SPF, and it is a > little bit true, but I think this is an acceptable drawback for your own > domains. > Yes, we require that email from our domain has been through our servers - either authenticated or from a dwindling set of local hosts. We have had a few problems with external web services trying to use our domain, but in general the service providers have relented and fixed the problem. We stamp outgoing mail with a trivial header, so that external list expanders don't screw things up for local subscribers. We could use some clever hashing mechanism, but haven't seen the need yet. So, there are three ways to send email from our domain to a local user: authenticate against our ldap server, use a local host to send the email through our server, or add the header. It works so well that I filter mail from our domains into a spam free mailbox - which is great for ensuring that my bosses' mail doesn't get lost in spam. -- Ian Eiloart IT Services, University of Sussex -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
