On Sat, 2008-12-06 at 11:48 -0800, John Hardin wrote: > On Sat, 6 Dec 2008, Mike Cisar wrote: > > > - the "from" always matches the "to" (so it always looks like its coming > > from yourself) > > Silly, basic question: have you whitelist_from'd yourself? Baaad idea. > > SPF checks would catch that if you published SPF records for your domain. > If you know that mail from your domain will ever only originate at your > MTA, then you might do what I do: use milter-regex to reject at SMTP time > any mail inbound from the internet that claims to come from your domain. > > http://www.impsec.org/~jhardin/antispam/ > I love these spoofing mails - they are ace. Idea? Well, if you have an obliging server with NDR's on, it's win win for the spammer. If it's rejected and generates an NDR, the intended recipient still gets the spam as an attachment in the NDR. Corking ;-)
Surely, by now, someone has come up with a simple regex rule or something that matches if the to & from are the same? Is this too obvious?
