Also, many list servers spoof the from domain when they send mail on behalf of a third party. Generally, these list servers don't bother to bind a DNS entry to their mail server - in which case you might find that you get false positives.
On 6/30/06, Serge Knystautas <[EMAIL PROTECTED]> wrote:
On 6/29/06, JWM <[EMAIL PROTECTED]> wrote: > I have been using the default matcher for "SenderInFakeDomain" ever since I > installed James. I've never been aware of any problems with it. But in the > last week, I've had at least two hits on apparently perfectly valid emails. > One was from sbcglobal.net. Both were from people known by the recipient. > > Where did that list of fake ip addresses that were shipped in the config > file originate? Is it possible that these IPs have changed and some have > become legit? > > I would think that somehow the sender was hacking and spoofing. But that is > almost an impossibility, given who the senders were. > > Can someone enlighten me on what may be happening here? Is that simply not > a trustworthy matcher to filter email out? What it's doing is looking up the domain of the incoming email address. The point is that if you get a message from [EMAIL PROTECTED] and lokitech.com does not exist or is not configured for mail, then there's a high chance this is a fake email. The one scenario that causes this approach a problem is when a domain has temporary DNS problems. This could be why your recipients were getting bounced. Normally it is a good check, but others might be able to speak better as to how widely used and accepted it is. -- Serge Knystautas Lokitech >> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
