On 2/10/09 10:35 PM, Marc Perkel wrote:
> One trick that comes to mind. I can track domains where the local_part has an = in it. Then once I see one I can perhaps expect all email from that domain to have the = in it and reject spoofers that lack the = .... Thoughts?
You can make any assumption you want, yet, unless you have any confirmation, it will still be an assumption.
One example: one of your clients uses a mailing list which uses the = sign as a separator for bounce detection, yet they don't use any BATV for normal mail addresses. Another example: look at the headers of my mail; I use some kind of BATV, but I use / as separator. Would your rule be useful if I was one of your clients? Yet another example: one of your clients sometimes uses the = sign in normal generic email addresses.
All of this to say, ask your clients first. Your trick may be good, but ask for confirmation, or lose your client because your quota for false positives has been exceeded.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
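The three counterexamples from the reply above, replayed against a minimal model of the proposed rule. This is an added example, not code from either poster or from Exim; the class name, the addresses and the domains are constructed for illustration.

```python
class EqualsSignTracker:
    """Hypothetical model of the proposed rule: once a domain has sent mail
    with '=' in the local part, reject its senders that lack the '='."""

    def __init__(self):
        self.domains_with_equals = set()

    def check(self, sender):
        # Split on the last '@' so local parts containing '@'-free
        # encoded recipients (list-bounces+user=host) stay intact.
        local, _, domain = sender.rpartition("@")
        domain = domain.lower()
        if "=" in local:
            self.domains_with_equals.add(domain)  # learn the domain
            return "accept"
        if domain in self.domains_with_equals:
            return "reject"                       # '=' expected but missing
        return "accept"


def replay(senders):
    """Feed envelope senders through one tracker in order; return verdicts."""
    tracker = EqualsSignTracker()
    return [(s, tracker.check(s)) for s in senders]


# Constructed envelope senders, one pair per counterexample in the reply.
SAMPLE = [
    # 1. Mailing list uses '=' for bounce detection, normal mail is unsigned.
    "list-bounces+alice=example.net@client.example",
    "bob@client.example",                    # legitimate, but rejected
    # 2. Domain signs with '/' as separator, so it is never learned.
    "prvs/0123abcdef/carol@slash.example",
    "forged@slash.example",                  # unsigned, but accepted
    # 3. '=' appears in an ordinary generic address.
    "sales=emea@generic.example",
    "dave@generic.example",                  # legitimate, but rejected
]

if __name__ == "__main__":
    for sender, verdict in replay(SAMPLE):
        print(f"{verdict:7} {sender}")
```

Two of the three cases produce false positives on legitimate mail, and the third shows the rule giving no protection to a domain that signs with a different separator.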
