Hi Jesse,

> > > If I don't allow email to come into my network with forged FROM
> > > headers(or even forged envelope sender headers if they're relevent)
> >
> > Here's already an error in your idea - you can't reliably see if a
> > sender address is forged, and therefore:
> 
> But I can. It's simple:
> 
> (If the user is NOT on one of my network IPs, OR, if the user has not
> POPed before sending SMTP, ) AND the incoming email contains one of my
> internal domains in the FROM (envelope or header), then it's bogus.
> 
> Is there a problem with that?

No. Have you read my posting completely?

Just quoting myself:

JP> You cleary said that your filtering rule applies to mail that uses one
JP> of your domains (or these of your customers) as the From address. Thus
JP> your definition of a forged sender is: "Every mail with a sender address
JP> using one of my domains, but not relayed through our mail server". That
JP> might a more or less proper check (personally, I'd say: less), but
JP> doesn't match the vast majority of mails with forged sender addresses:

It's just that - the test isn't really stupid, it just doesn't match
nearly any mail because spam mails don't have one of your domains as
their forged From address in nearly all cases. IMHO, it simply isn't
worth the work, but feel free to implement it anyway. Let it write a log
to see how many spam mails it really catches, and don't forget to check
it for regular mail blocked by this rule, thus causing trouble for your
customers.

Jonas



Reply via email to