If "secure" means "hardest for a spammer to exploit", then I would say whitelisting IP addresses would be the most secure. Spoofing IPs is not impossible but well beyond what most spammers can do. Spoofing an rDNS name is actually pretty easy -- if I control my own rDNS, I can set those records to say anything I want. The hard part is updating them rapidly; DNS is not designed to handle frequent updates. Least secure is definitely a sender or recipient whitelist, as spoofing those is trivial.
From the standpoint of maintenance, whitelisting IPs is the most inconvenient because they're the hardest to gather and the most likely to change. -- Sam Clippinger Eric Shubert wrote: > I am thinking that from a security standpoint, the preferred methods of > whitelisting would be by: > 1) rDNS > 2) IP > 3) sender > simply because spoofing a sender is easiest and spoofing rDNS is the > most difficult. > > Is this correct? > Are there other considerations? > > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
