-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark Horn wrote: > On 2007-02-09, Jason R. Mastaler <[EMAIL PROTECTED]> wrote: >>> Return-Path: [EMAIL PROTECTED] >> [...] >> >>> From: "Wesley Bartlett" <[EMAIL PROTECTED]> >> [...] >> >> Seems like you could add some logic to your chain that says "if the >> from header address is @multitalents.net and return-path is NOT >> @multitalents.net, the message is spam, so dump it." > > Wouldn't that create problems with mailing lists(1)? Here's an > example from a few years ago(2): > > Return-Path: [EMAIL PROTECTED] > ... > From: From: Mark Horn <[EMAIL PROTECTED]> > To: [email protected] > > (1) Yes, I know that the *best* way to read mailing lists is GMANE, > but not all list owners agree. > (2) ...back when I actually subscribed to the TMDA lists instead > of using GMANE.
I'm going to assume that mailing lists pass through the message ID header of mails that one sends out. Mailman at least does seem to do this. Then, the algorithm would be: 1) If the message contains a message-id header that we know one of our own systems generated, let it though (this covers the case above where the "From" header on an external email legitimately contains our own domain.) 2) Reject any mail (in the MTA at SMTP time, is best) with an envelope sender, or from/reply-to/... header, in our domain. Note: Item (1) would check for e.g. cryptographically generated message-id, or even something simple like a particular string in the message ID. For example, my tmda-ofmipd rewrites all outbound messages to contain the string "tmda.severn.wwwdotorg.org". Whilst this can be easily forged, it's highly unlikely that a spammer would bother to do this unless they were specifically targeting my system, which isn't going to happen in typical spam. If a company were to out-source any email sending (e.g. announcment list), then to allow that email into their own systems, they would just have that sender do the same thing to generate the message ID they send with (which is perhaps just as simple as putting a message ID header in the template email you give them) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFz9j2hk3bo0lNTrURAln1AKDluQQPJ6t6r1LzLi6iMwVUpRQ8QQCeJF4y XiXreK26n4PmZWuc/nWcr5o= =IOUw -----END PGP SIGNATURE----- _________________________________________________ tmda-workers mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-workers
