> > >It would be wise to try and program with this evil behavior in mind... > > I agree, but there would be a lot of subnets to include, because=20 > > spammers could use localhost (120.0.0.0/8), private addresses=20 > 127 > > (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12) > > Yes. Plus the link-local net (169.254.0.0/16) and multicast addresses > (224.0.0.0/4). These are guaranteed not to be reachable over the public > internet.
Here's a more complete list. null_net 0.0.0.0/8 rfc1918 10.0.0.0/8 loopback4 127.0.0.0/8 IS a bogon, if not on lo0 autoconf 169.254.0.0/16 Sometimes called dhcp-net rfc1918 172.16.0.0/12 test_net4 192.0.2.0/24 NeXT_default 192.42.172.0/24 (Preceeded RFC1918 for same purpose) rfc1918 192.168.0.0/16 multicast 224.0.0.0/4 Can be combined as 224.0.0.0/3 class e+f 240.0.0.0/4 Can be combined as 224.0.0.0/3 broadcast 255.0.0.0/8 (included in class e+f mask) > > It might be simpler to make an SMTP connection to the MX RR of the=20 > > sender's domain, and maibe even do a MAIL FROM: <>, RCPT TO:=20 > > $senderAddress to do a simple address check. There was a major argument about this on the spamtools list last week. If someone decides to implement this, watch out for race conditions. Brian
