On 6/29/06, JWM <[EMAIL PROTECTED]> wrote:
I have been using the default matcher for "SenderInFakeDomain" ever since I
installed James. I've never been aware of any problems with it. But in the
last week, I've had at least two hits on apparently perfectly valid emails.
One was from sbcglobal.net. Both were from people known by the recipient.
Where did that list of fake ip addresses that were shipped in the config
file originate? Is it possible that these IPs have changed and some have
become legit?
I would think that somehow the sender was hacking and spoofing. But that is
almost an impossibility, given who the senders were.
Can someone enlighten me on what may be happening here? Is that simply not
a trustworthy matcher to filter email out?
What it's doing is looking up the domain of the incoming email
address. The point is that if you get a message from
[EMAIL PROTECTED] and lokitech.com does not exist or is not
configured for mail, then there's a high chance this is a fake email.
The one scenario that causes this approach a problem is when a domain
has temporary DNS problems. This could be why your recipients were
getting bounced. Normally it is a good check, but others might be
able to speak better as to how widely used and accepted it is.
--
Serge Knystautas
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
