Hi Jesse, > If I don't allow email to come into my network with forged FROM > headers(or even forged envelope sender headers if they're relevent)
Here's already an error in your idea - you can't reliably see if a sender address is forged, and therefore: > how would that NOT prevent the spam from reaching my user's inboxes?? You can't identify these with your filtering rule. You cleary said that your filtering rule applies to mail that uses one of your domains (or these of your customers) as the From address. Thus your definition of a forged sender is: "Every mail with a sender address using one of my domains, but not relayed through our mail server". That might a more or less proper check (personally, I'd say: less), but doesn't match the vast majority of mails with forged sender addresses: Take 10,000 spam mails you collected in your users inboxes. How many of them have a (forged) sender that uses one of your domains in their From address? I'd really wonder if this is more than, let's say, one, unless your spam situation is _totally_ different than mine and probably most others. The spam mails I get (and I get a lot; thankfully SpamAssassin helps me pre-sorting them into a different IMAP folder) are from forged hotmail.com, yahoo.com or aol.com addresses in most cases. As long as Hotmail, Yahoo and AOL aren't your customers, your filtering rule would match nearly nothing. Summary: I think your filtering rule has nearly no effects on spam catching, _and_ it has drawbacks to your customers that want to use another mail relay than yours. I'd prefer not to use it. Jonas