Tim Rice wrote:
> On Thu, 8 Feb 2007, Mark Horn wrote:
>
>> I use SPF, too. IMHO, it's not widely deployed enough to protect the
>> envelope sender. Which means that 99% of legit email addresses in my
>> whitelists can be forged through the envelope sender just as easily
>> as From: or Reply-To:. For the other 1% SPF doesn't always help.
>
> One of the main reasons I use SPF is to eliminate spam claiming
> to be from my domain. After all, users in my domain are whitelisted.

The best way to stop yourself receiving spam with sender addresses in your domain is to have your mail server refuse to accept such mail, at least on the regular SMTP port 25. Real users of your domain would send mail to a different SMTP server instance (probably on the same machine), which would require authentication and SSL (standard ports are 465 and 587 for SSL and TLS, not necessarily in that order).

Of course, I think this typically only prevents spammers forging the envelope sender, and not the headers, such as From, Reply-To, etc. Still, I guess a pre-acceptance filter/plugin for the mail server could easily be written that filtered for that too.

That said, even when spammers forge addresses in your domain, do they ever do that *just* for From/Reply-to and *not* for the envelope sender?

_________________________________________________
tmda-workers mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-workers
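One way to write the pre-acceptance check described in the reply above (an added example, not code from the original message or from TMDA): it refuses local-domain envelope senders on port 25 and applies the same test to the From and Reply-To headers. `LOCAL_DOMAINS`, `check_message` and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

LOCAL_DOMAINS = {"example.org"}      # assumption: domains this server owns
SUBMISSION_PORTS = (465, 587)        # authenticated ports named in the post
CHECKED_HEADERS = ("From", "Reply-To")

def is_local(addr):
    """True if addr is in a local domain or a subdomain of one."""
    dom = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    return any(dom == d or dom.endswith("." + d) for d in LOCAL_DOMAINS)

def check_message(port, authenticated, envelope_sender, raw_message):
    """Return (accept, reason) for one SMTP transaction, before acceptance."""
    if port in SUBMISSION_PORTS:
        # Real users of the domain submit here and must authenticate.
        if authenticated:
            return True, "authenticated submission"
        return False, "authentication required"
    # Port 25 (or any other unauthenticated listener): nobody may claim
    # a local address. Check the envelope sender first, then the headers.
    if is_local(envelope_sender):
        return False, "envelope sender claims local domain"
    msg = message_from_string(raw_message)
    for name in CHECKED_HEADERS:
        for _display, addr in getaddresses(msg.get_all(name, [])):
            if is_local(addr):
                return False, name + " header claims local domain"
    return True, "ok"

# Constructed sample: a local address appears in the From header.
HEADER_ONLY_FORGERY = (
    "From: Alice <alice@example.org>\r\n"
    "To: bob@example.org\r\n"
    "Subject: invoice\r\n"
    "\r\n"
    "body\r\n"
)

if __name__ == "__main__":
    cases = [
        (25, False, "alice@example.org", HEADER_ONLY_FORGERY),
        (25, False, "bulk@mailer.example.net", HEADER_ONLY_FORGERY),
        (587, True, "alice@example.org", HEADER_ONLY_FORGERY),
    ]
    for case in cases:
        print(case[:3], "->", check_message(*case))
```

The header rule is stricter than the envelope rule: a mailing-list post or forwarded message from a local user legitimately arrives on port 25 with a local From and a foreign envelope sender, so that rule needs an allowlist or a score rather than a hard reject.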
