See injection below. --Bruce
On 3/12/23 13:39, Joshua Judson Rosen wrote: > > On 3/10/23 12:43, Bruce Labitt wrote: > >> In email headers, are there any fields which are not spoof-able? Or is > email simply a morass that is totally unsolvable and broken? Simply > impossible to filter spam? Now I am getting spam that is passing all the > dmarc, spf, and dkim checks. Volume is relatively low at the > >> moment, 6 in 12 hours, but I am sure the bad guys are working on > increasing the volume. > >> > >> In particular, is > >> > >> X-Origin-Country reliable? Or is this data field unsuitable for > filtering as well? > >> > >> Are there any mail client pre-filtering packages that can be added? Or > is this a game best left to? > > On 3/10/23 17:02, Bruce Dawson wrote: >> Essentially, no - all email headers are spoofable except the ones put on by >> your server. > Your server should insert a Received-by header that indicates >> who sent that message to you. > Though in the case of the headers providing DKIM signatures, those are > "unspoofable" to the extent that they're used, > since that's a cryptographic signature that you can verify. > > There are caveats there, basically that the DKIM signatures are only for > select _parts_ of the message..., > but _generally_ if you have a valid DKIM signature then you at least know > where the message > actually came from. > > And if you've got "spam that is passing all the dmarc, spf, and dkim checks", > then > you know even more assuredly who's sending you spam. > > So, at least in theory, that gets you past the `detecting spoofs' point, > so now you just have to worry about the spam coming in from new > domains that you haven't blocked yet.... Except when an intervening server deletes all the DKIM (and other) envelope information. Of course, that's a bad actor/server, but isn't that what most SPAM servers are? _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/