At 11:53 PM -0500 3/31/00, Patrick Bihan-Faou wrote:
>Hi,
>
>From: "Paul Schinder" <[EMAIL PROTECTED]>
>> At 3:06 PM -0500 3/31/00, Dave Sill wrote:
>> >Do the spammers:
>> >
>> > 1) throw up their hands and admit defeat, or
>> > 2) start using valid (but wrong) domains in their envelope return
>> > paths, thereby defeating your rejection and escalating the arms
>> > race?
>> >
>> >Note that many are already doing (2), of course.
>>
>> I've had several emails using my @pobox.com address as the MAIL FROM
>> bounced because spammers use phony @pobox.com addresses. I've never
>> seen a single spam that originated on pobox's servers. Most of the
>> spam I see comes from China or relay raped machines outside the US.
>> And, of course, I've seen numerous pieces of spam with phony
>> @yahoo.com, @hotmail.com, @aol.com, etc.
>>
>
>
>Maybe one way to deal with this is:
>1. verify that the domain of MAIL FROM is correct
>2. verify that the address of the server sending the mail
> resolves to that domain...
That's not a good idea at all. It defeats the entire purpose of a
mail redirection service like pobox. I use my @pobox.com address on
all sorts of mail, but I've *never* used pobox's servers to send out.
The mail goes out through a variety of routes. All of the machines I
send out from have resolvable IP's, but none of them are in pobox's
domain.
>
>This is probably not the best answer, but if you apply that to some key
>domains, then you should be able to cut down on a fairly good volume of spam
>with fake addresses. Also it should be fairly easy to implement a scheme
>like this in qmail (although it also means more DNS lookups for a good
>number of incoming mail messages).
>
>
>Patrick.
--
--
Paul J. Schinder
NASA Goddard Space Flight Center
Code 693
[EMAIL PROTECTED]
