At 02:31 PM 9/28/2007, John Rudd wrote:
Consider this senario:
a) user on dynamic IP sends email to their ISP's mail server
b) ISP's mail server submits message to your mail server
In your suggested processing, this would generate a false positive:
the message would be marked as a potential botnet even though the
message was handled in a legitimate manner (message went out through
the ISP's mail server instead of coming _directly_ from the dynamic host).
Our mail server is on a dynamic business line, so we send through our
ISPs AUTH port (and have this listed in SPF). We still get bounced
mail from some servers that are scanning all the headers against
things like the Zen list. For a while, Internic was bouncing mailing
list digests that had posts from anyone with a dynamic address, seems
they were scanning the body of the message, too!
--
Jerry Durand, Durand Interstellar, Inc. www.interstellar.com
tel: +1 408 356-3886, USA toll free: 1 866 356-3886
Skype: jerrydurand
