On Thu, Sep 30, 2004 at 12:50:04PM -0700, Nate Schindler wrote: > I actually block all incoming mail that claims to be from my domain. > The only problem is that I don't get copies of messages that I send to > some lists, such as this one. But... as far as I'm concerned, if a > mail server isn't listed as an MX for <somedomain.com>, it should use > <somedomain.com> in the mail from or envelope from feilds. It's a > wide open hole for spam and social engineering attacks.
Should or should not? And what does being listed as an MX have to do with sending mail? It's completely reasonable for a server not listed as an MX for a domain to send mail "from" that domain. Or am I misunderstanding what you're saying? > I was actually surprised to see that even anti-spam lists such as this > one spoof the envelope from field. :/ What are you talking about? Any reasonable MLM (including the one used for this list, which I believe is EZMLM) rewrites the envelope address to its own. Because the MLM used by this list uses VERP, your address is embedded in the envelope-address - maybe your filters just aren't configured properly? >From [EMAIL PROTECTED]
