I wrote a whole page on this and sent it to the list but it seems that earthlink has lost the message. I've repeated it below:
Basically, in the header of a mail message is a line that says what mail server passed the message to your server. This line looks like this (there's more to it but this is the important part):

Received: from hof001.cfhosting.net ([64.118.64.245])

This means that a mail server at the IP of 64.118.64.245 that says its name is hof001.cfhosting.net passed the message on. This is a properly formatted response. What makes it proper? The domain portion (hof001.cfhosting.net) is a properly formatted domain and the IP is also properly formatted (parentheses and brackets).

There are a few other ways that this can be formatted that are illegal:

Received: from ([64.118.64.245])
Received: from [64.118.64.245]
Received: from [127.0.0.1] ([64.118.64.245])
Received: from hof001 ([64.118.64.245])

In the first example, the domain name is missing. This means that the sending mail server has not announced itself. Many spam servers are set up like this to avoid being blocked.

In the second example, the problem with the first example is compounded by having the IP in an illegal format. Again, a way for spammers to hide who they are.

In the third example, the mail server is announcing itself as a specific domain IP but that domain IP conflicts with the 'true' IP which was used in the communication. Again, a spammer technique.

The fourth example is one that is very common and is usually caused by legitimate users who have their personal mail server misconfigured. The domain portion is not a valid domain. On some mail servers this information is read from the machine name while on others it is 'written in'.

I've disabled the checking of the fourth case as it has already caught some legitimate people that it should not have. The time and effort it would take to have them find and fix their personal mail server is just not worth the inconvenience.

Does this answer the question well enough?
Please note that I may be wrong in some of the details of the header and if so I'd appreciate someone pointing out the error to me. I've consulted with others on the logic and it seems to hold.

> Thanks Matt, I actually know a fair bit about it, I just get nervous when
> people speak about rejecting 'improperly configured' servers. Are we
> talking about open relays, lack of rDNS, not rfc compliant? I am just
> curious what Michael's definition is.
>
> Justin
>
> p.s. Nice tools.
>
> > -----Original Message-----
> > From: Matt Robertson [mailto:matt@;mysecretbase.com]
> > Sent: Monday, November 11, 2002 5:20 PM
> > To: CF-Talk
> > Subject: RE: (Admin) New spam code
> >
> > Justin,
> >
> > You can find out all sorts of stuff about how well (or
> > poorly) your mail server dns etc. is set up at
> > http://dnsstuff.com. One of the handiest tools there is
> > http://www.dnsreport.com.
> >
> > http://www.dnsreport.com/tools/dnsreport.ch?domain=spamex.com
> >
> >
> > ---------- Original Message ----------------------------------
> > from: Justin Greene <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > date: Mon, 11 Nov 2002 17:07:17 -0500
> >
> > >Michael,
> > >What does "running a properly set up mail server" mean?
> > >
> > >Justin
> > >
> > >> -----Original Message-----
> > >> From: [EMAIL PROTECTED] [mailto:mdinowit@;houseoffusion.com]
> > >> Sent: Monday, November 11, 2002 1:01 PM
> > >> To: CF-Talk
> > >> Subject: (Admin) New spam code
> > >>
> > >> Just a heads up:
> > >> In an attempt to crack down on spam even more, I put some new code
> > >> into effect yesterday which checks if you're running a properly set
> > >> up mail server. Most spammers don't have their mail server set up
> > >> right or try to hide it. The code has been rather effective with 3
> > >> noted exceptions. These are legitimate people whose mail servers are
> > >> not set up properly.
> > >> If anyone gets a message about their posts being rejected due to
> > >> this, you can email me at [EMAIL PROTECTED] If this becomes more of a
> > >> hassle than not, I'll remove it.
> > >>
> > >> Michael Dinowitz
> > >> Master of the House of Fusion
> > >> http://www.houseoffusion.com
> > >> ICQ: 2995061
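
The four cases described in the message above, as an added example that is not part of the original thread and is not the list's actual filter code: a small classifier for the start of a Received header. The category names, the `REJECTED` policy set and the function names are assumptions made for this illustration; the sample headers are the ones quoted in the message.

```python
import re

# Start of a Received header: "from <announced name> ([<connecting IP>])".
# Both parts are optional so malformed variants can be classified.
RECEIVED_RE = re.compile(
    r"^Received:\s*from\s+(?P<announced>[^\s()]+)?\s*"
    r"(?:\(\[(?P<peer_ip>[0-9.]+)\]\))?",
    re.IGNORECASE,
)
IP_LITERAL_RE = re.compile(r"^\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]$")
# Dotted host name ending in an alphabetic label, e.g. host.example.net.
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})*\.[A-Za-z]{2,63}$"
)
# Assumption: reject cases 1-3; case 4 is left out because the message says
# that check was disabled after catching legitimate senders.
REJECTED = {"missing-name", "bare-ip", "ip-mismatch"}


def classify_received(header: str) -> str:
    m = RECEIVED_RE.match(header.strip())
    if not m:
        return "unparseable"
    announced, peer_ip = m.group("announced"), m.group("peer_ip")
    if announced is None:
        return "missing-name" if peer_ip else "unparseable"    # case 1
    literal = IP_LITERAL_RE.match(announced)
    if literal and peer_ip is None:
        return "bare-ip"                                       # case 2
    if peer_ip is None:
        return "unparseable"
    if literal:
        # Case 3 when the announced IP differs from the connecting IP; a
        # matching IP literal is not covered by the message.
        same = literal.group("ip") == peer_ip
        return "ip-literal-name" if same else "ip-mismatch"
    # A name without a dot (such as "hof001") is case 4.
    return "ok" if FQDN_RE.match(announced) else "unqualified-name"


def should_reject(header: str) -> bool:
    return classify_received(header) in REJECTED


if __name__ == "__main__":
    for line in (
        "Received: from hof001.cfhosting.net ([64.118.64.245])",
        "Received: from ([64.118.64.245])",
        "Received: from [64.118.64.245]",
        "Received: from [127.0.0.1] ([64.118.64.245])",
        "Received: from hof001 ([64.118.64.245])",
    ):
        print(f"{classify_received(line):17} reject={should_reject(line)}  {line}")
```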