On Tuesday, Sep 24, 2002, at 15:52 US/Pacific, Seth Breidbart wrote: >> Finally, the whole system is easily fooled if you don't use encryption >> since I can easily forge the From address. Most people are going to >> whitelist things like their postmaster or addresses used by popular >> sites like Amazon's or ebay's confirmation messages and if Microsoft >> or >> Netscape happened to whitelist their support address while adding >> support into their mail clients... > > I already block email claiming to be from [EMAIL PROTECTED] that > arrives from outside panix's physical network. Likewise, it's easy > enough to check that mail from a whitelisted address (especially a > popular one) came from an appropriate mailserver.
Popular ones we can definitely check (e.g. amazon.com mail should never come from a non-Amazon netblock) but there's a major problem here: laptop users, people using their home account at work or vice versa and anyone with a personal domain. Until authenticated SMTP becomes much more common I think we have to assume that many people will be sending mail from a domain other than the one in the From header. Chris _______________________________________________ spamcon-general mailing list [EMAIL PROTECTED] http://mail.spamcon.org/mailman/listinfo/spamcon-general#subscribers Subscribe, unsubscribe, etc: Use the URL above or send "help" in body of message to [EMAIL PROTECTED] Contact administrator: [EMAIL PROTECTED]
