Roger Vicker, CCP wrote:
> I am not so sure about the ISP being brain-dead. Part of making sure a
> crud isn't using their network to spam or phish is to make sure the from
> address (not the HELO/EHLO envelope) is from a domain the ISP "knows"
> should be coming from their IP range.

Requiring the from address to match the server's address is totally invalid. The FROM address is totally irrelevant except to the human reader. The server shouldn't care one lick about that.

Heck, I would guess that 90% of the servers in the world send mail for other domains in addition to the one their IP resolves to. My own mail server will happily send mail on behalf of a dozen different domains (some my own, others cooperative relay agreements with other groups).

Let's clarify something here ... there are two key parts of mail headers ... the FROM address and the SENDER address. Usually they are the same, but often they are different. If you look at a mailing list message you'll see that the FROM address is the original author, but the sender address is associated with the mailing list software. If a mail server is concerned about any address it should be the sender address.

Now there *IS* an effort to start validating that a server is authorized to send mail for a domain. It's called SPF (http://spf.pobox.com/) ... the theory is that a domain sets up some information in their DNS that identifies what mail servers they send from. Then, when mail is sent from a domain, the DNS is checked and validated.

>>Only brain-dead spam-blocking requires the HELO/EHLO name and/or rDNS
>>to match the sending domain. Spam-blocking shouldn't even require
>>HELO/EHLO to match rDNS.
> And yet one of the widest used (I believe even David uses it for the
> lists) blockers is SpamAssassin and it uses HELO vs rDNS as one of its
> series of tests.

Yes, I use spamassassin ... and it does do checks of that nature. But spamassassin uses a series of checks that are cumulative ... each test being assessed a score. If the score is above a certain value it will be classified as spam. Additionally, spamassassin does not actually block mail ... it only scores it. It's up to the end user to discard mail that matches a certain score.

> Just thought of another problem with the ISP blindly passing everything
> that comes from their IP range. Ex-employee (or just someone) gets an
> address close to a commercial customer, sets their mail program to use a
> from address of the commercial customer and sends a bunch of destructive
> email. How does anyone, without the audit ability I have been harping on,
> prove it didn't come from a current "home worker" of the commercial
> customer. It didn't come from the commercial customer's server, but it
> doesn't have to to be legitimate because the ISP says that home workers
> can't use the commercial customer's server that does use authentication.

I'm not sure I understand what you are talking about here ... do you mean address spoofing? It's absolutely trivial for me to send email on behalf of anyone else. But if you look at the mail headers it will be clear that it didn't come from the company I'm spoofing. This is no different than an employee stealing letter-head before quitting and sending paper mail pretending to represent the company.

david

--
David Gibbs
david@xxxxxxxxxxxx

Receipt of this message does not grant you permission to send me Unsolicited Commercial Email
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].