Danny,

>>Spammers use an openrelay SMTP server to post thru. Let's call that
>>machine A. They make their headers appear to be from elsewhere. Let's
>>say that is machine B (it might be real or not). When the mail arrives
>>at machine C (its destination), that mail server can see evidence of B
>>(clearly), but also information pertaining to A? Or is it that only
>>information from some uplink A connects to is evident?
>>
>
>C should append a line a bit like:
>"received by C[123.123.123.123] from A[432.432.432.432] at 00:00 GMT +0000"
>

You mean ...

B should append a line a bit like:
"received by B[123.123.123.123] from A[432.432.432.432] at 00:00 GMT +0000"

>>If C sends a digest (subject of a new RFC) to B of the message through
>>SMTP saying "did you send this?", then there are two possibilities - (1)
>>The answer is "no I did not", or (2) no such mail server. Does A have
>>record of the email?
>>
>
>pretty much not, once it's sent or bounced the MTA is glad to get rid and
>reclaim the space.
>
>>If it does, can it determine that it was from the
>>real email user?
>>
>
>Possibly yes depending how tightly it is set up itself to prevent relaying,
>more likely no, if A has faked a message from a real user of B it would be
>hard to differentiate from a bona fide one.
>

OK, here is a lateral question:

If ServerA receives mail from ServerB, how does A determine if B is an open-relay type?

1) Blacklist (checks IP against table centrally maintained).
2) Asks it -> Are you open relay? (reaches back to Server B in separate connection, caches yes/no response for last 1000 mail servers)
3) Other?

Of course I'm alluding to (2) being part of the new RFC.

- Paul
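An added example, not part of the original thread: the A/B/C question above comes down to which Received lines the receiving server can trust, and this sketch separates the header written by C itself from the ones the sender could have supplied. The host names, addresses and the Postfix-style "from HELO (rdns [ip]) by host" layout are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample. C's own header (top) records the real peer, relay A;
# the lower header arrived with the message and only claims to be from B.
RAW = """\
Received: from mail.b.example (relay-a.example [198.51.100.7])
\tby mx.c.example with ESMTP id abc123; Mon, 01 Jan 2001 00:00:00 +0000
Received: from user-pc (unknown [192.0.2.55])
\tby mail.b.example with SMTP; Mon, 01 Jan 2001 00:00:00 +0000
From: someone@b.example
To: someone@c.example
Subject: constructed sample

body
"""

# Assumed layout: "from HELO (rdns [ip]) by host", as Postfix-style MTAs write it.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def split_hops(raw, my_hosts):
    """Split Received headers (newest first) into (trusted, unverified)."""
    msg = message_from_string(raw)
    trusted, unverified = [], []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        hop = m.groupdict() if m else {"unparsed": value}
        # Trust only an unbroken run, from the top, written by our own servers.
        if not unverified and hop.get("by") in my_hosts:
            trusted.append(hop)
        else:
            unverified.append(hop)
    return trusted, unverified

def connecting_peer(raw, my_hosts):
    """IP that handed the message to our infrastructure, or None."""
    trusted, _ = split_hops(raw, my_hosts)
    return trusted[-1]["ip"] if trusted else None

if __name__ == "__main__":
    print("peer seen by C:", connecting_peer(RAW, {"mx.c.example"}))
    for hop in split_hops(RAW, {"mx.c.example"})[1]:
        print("unverified claim:", hop)
```

The address returned by `connecting_peer` is the one a receiving server would check against a blacklist, since it comes from the TCP connection rather than from anything the sender typed.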
