John L wrote:
I phrased it wrong. You are not responsible for the content, but you
are responsible for the mail domain and that includes verifying that
mail is validly from your domain you are responsible for.
Oh, OK. So if someone sends pump and dump with a [EMAIL PROTECTED] return
address, and I do a callback and your MTA says "yup! that's a 100% valid
address!" then I turn you in to the SEC, rignt? You have now confirmed
that the mail is from you, after all. Or if you haven't, what purpose
did the callback serve?
There is some reasonable validation technology coming along, most
notably DKIM which which I presume you are familiar. But callbacks are
I agree..... callbacks are not enough, you can reach a
false conclusion, that´s why I use SPF along with callbacks...
on the same message, my MX concludes:
"you are sending email "from [EMAIL PROTECTED]", but shire.net
says YOUR IP address is not allowed to send email on behalf
of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject
MSc. Marcelo Maraboli Rosselott
Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer)
Ingeniero Civil Electronico, CISSP (Electronic Engineer, CISSP, MSc.)
Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria phone: +56 32 2654071
Chile. http://www.usm.cl http://elqui.dcsc.utfsm.cl
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"