On 2007-02-09, Stephen Warren <[EMAIL PROTECTED]> wrote:
> I try to detect and reject that kind of thing in the MTA though, because
> then the email is never accepted for processing by my system, and hence
> I never have to hold/challenge it, nor virus/spamassassin/... check it
> etc. This uses much fewer of my system's resources!
Absolutely! I didn't mean to suggest anything else.
My recommendations are:
1) Reject non-authorized use of your own domain(s) during SMTP
session.
2) Use SPF to reject non-authorized use of other domains during
SMTP session.
3) Don't whitelist your domain in order to prevent situations where
envelope address is authorized but From: & Reply-To: are forged
with your own domain(s) e.g.:
Envelope sender: [EMAIL PROTECTED]
Envelope recipient: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
_________________________________________________
tmda-workers mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-workers
