> On 3/10/23 12:43, Bruce Labitt wrote:
>> In email headers, are there any fields which are not spoof-able?  Or is
>> email simply a morass that is totally unsolvable and broken?  Simply
>> impossible to filter spam?  Now I am getting spam that is passing all the
>> dmarc, spf, and dkim checks.  Volume is relatively low at the moment,
>> 6 in 12 hours, but I am sure the bad guys are working on increasing
>> the volume.
>>
>> In particular, is X-Origin-Country reliable?  Or is this data field
>> unsuitable for filtering as well?
>>
>> Are there any mail client pre-filtering packages that can be added?  Or is
>> this a game best left to?

On 3/10/23 17:02, Bruce Dawson wrote:
> Essentially, no - all email headers are spoofable except the ones put on by
> your server. Your server should insert a Received-by header that indicates
> who sent that message to you.
Though in the case of the headers providing DKIM signatures, those are
"unspoofable" to the extent that they're used, since that's a cryptographic
signature that you can verify.

There are caveats there, basically that the DKIM signatures are only for select
_parts_ of the message..., but _generally_ if you have a valid DKIM signature
then you at least know where the message actually came from.

And if you've got "spam that is passing all the dmarc, spf, and dkim checks",
then you know even more assuredly who's sending you spam.

So, at least in theory, that gets you past the `detecting spoofs' point,
so now you just have to worry about the spam coming in from new
domains that you haven't blocked yet....

-- 
Connect with me on the GNU social network: 
<https://status.hackerposse.com/rozzin>
Not on the network? Ask me for an invitation to a social hub!
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
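
The caveat in the reply above, that a DKIM signature covers only select parts of the message, can be checked per message: the `h=` tag lists the signed headers and an optional `l=` tag limits how much of the body is covered. The following is an added example, not part of the original posts; the sample message and the function names are constructed, and it only reports coverage, it does not verify the signature.

```python
import email
from email import policy

# Constructed sample message (not from the thread); bh= and b= are placeholders.
SAMPLE = """\
Received: from mx.example.net by mail.example.org; Fri, 10 Mar 2023 12:00:00 -0500
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; c=relaxed/relaxed;
 h=from:to:subject:date; l=120; bh=PLACEHOLDER; b=PLACEHOLDER
From: Sender <sender@example.com>
To: user@example.org
Subject: Hello
Date: Fri, 10 Mar 2023 12:00:00 -0500
Reply-To: other@example.net
X-Origin-Country: US

Body text.
"""

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def dkim_coverage(raw):
    """Report which headers each DKIM-Signature covers; does NOT verify the signature."""
    msg = email.message_from_string(raw, policy=policy.default)
    present = {name.lower() for name in msg.keys()} - {"dkim-signature"}
    reports = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(str(sig))
        signed = {h.lower() for h in tags.get("h", "").split(":") if h}
        reports.append({
            "domain": tags.get("d"),                    # signing domain
            "signed": sorted(signed & present),         # headers the signature protects
            "unsigned": sorted(present - signed),       # headers it says nothing about
            "body_length_limit": int(tags["l"]) if "l" in tags else None,
        })
    return reports

if __name__ == "__main__":
    for report in dkim_coverage(SAMPLE):
        print(report)
```

In the constructed sample, `X-Origin-Country` and `Reply-To` fall outside `h=`, so a valid signature from `example.com` would say nothing about their contents.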
