On Tue, 17 May 2005, Dennis Peterson wrote:

> > What I am saying is that if you can't do some type of verification,
> > whether it is connect-back (remember the old dialup
> > callback-verification-system?) to the sending server or SPF or some other
> > type of authentication mechanism, then you can't trust the sender. Really
> > even SPF isn't great because DNS can be spoofed.
>
> It is impossible to get verification this way. All you have that you can
> depend on (and only just barely) is the IP of the source. The HELO
> greeting and MAIL FROM: can be and frequently are faked or from virtual
> hosts. Even if the info is true there is still no way for you to guarantee
> it. Spammers buy throw-away domain names by the thousands, you know. There
> is no reason a host need identify itself using the name in its DNS PTR
> records. There is no reason a sending host needs an MX record. If I have
> 30 hosts behind a BigIP box you're going to see one IP regardless of which
> host is connected to you. I may have dozens of hosts that resolve to a
> single IP, and hosts that resolve to dozens of IPs.
>
> The closest thing you have is SPF and it's barely implemented and
> voluntary. Sure glad it's been a quiet day :-)
Heh - quiet day here too.

I would say that if a sending domain does not have an MX, then I don't want
its mail. Even mail-list domains should receive mail for (un)subscribe. You
are right, a sending host doesn't need an MX, but whatever IP it is coming
out of should answer on port 25 to fly a 220 banner unless it is an end user.
I also realize that many don't listen on port 25, however, it sure would help
with the spam problem if they would.

I think what this is coming down to is try it and see.

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770

_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
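The two heuristics Eric proposes (reject when the MAIL FROM domain publishes no MX, and expect the connecting IP itself to greet with a 220 banner on port 25) can be scripted so that a mail admin can "try it and see" against their own logs before wiring anything into a milter. The example below is added here; it is not code from either poster, from ClamAV, or from any mail server. The names `check_sender`, `fetch_banner`, `SenderCheck` and the `CONSTRUCTED_*` tables are invented for this example. The MX lookup is injected as a callable because the Python standard library has no MX resolver (in production you would pass one built on a DNS library); the port-25 probe uses plain `socket` and is also injectable so the decision logic can be exercised entirely offline against constructed data.

```python
"""Sender-plausibility checks from the clamav-users thread, as a testable
function: (1) does the MAIL FROM domain have an MX, (2) does the source IP
answer on port 25 with an SMTP 220 greeting.

All names below are assumptions made for this example, not code from the
thread or from any real mail server."""
import socket
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class SenderCheck:
    domain: str
    source_ip: str
    mx_hosts: List[str]            # MX targets found for the domain ([] if none)
    banner: Optional[str]          # first line the source sent on port 25, or None
    reasons: List[str] = field(default_factory=list)

    @property
    def accept(self) -> bool:
        # Accept only when neither heuristic objected.
        return not self.reasons


def fetch_banner(ip: str, port: int = 25, timeout: float = 5.0) -> Optional[str]:
    """Live probe: open a TCP connection and return the first line the remote
    side volunteers (an SMTP server greets before the client says anything).
    Returns None when nothing listens, the connection is refused or filtered,
    or the peer stays silent until the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            raw = conn.recv(512)
    except OSError:
        return None
    if not raw:
        return None
    return raw.decode("ascii", errors="replace").splitlines()[0].strip()


def check_sender(domain: str, source_ip: str,
                 lookup_mx: Callable[[str], List[str]],
                 get_banner: Callable[[str], Optional[str]] = fetch_banner) -> SenderCheck:
    """Apply both heuristics and record every reason for rejection.
    lookup_mx(domain) -> list of MX hostnames (empty if the domain has none);
    get_banner(ip) -> greeting line or None."""
    reasons: List[str] = []
    mx_hosts = list(lookup_mx(domain))
    if not mx_hosts:
        reasons.append("sender domain %s publishes no MX record" % domain)
    banner = get_banner(source_ip)
    if banner is None:
        reasons.append("source %s does not answer on port 25" % source_ip)
    elif not banner.startswith("220"):
        # Something listens, but it is not flying an SMTP greeting.
        reasons.append("source %s answered on port 25 without a 220 greeting: %r"
                       % (source_ip, banner))
    return SenderCheck(domain, source_ip, mx_hosts, banner, reasons)


# Constructed fixtures (documentation-range addresses and example domains),
# standing in for live DNS and live port-25 probes.
CONSTRUCTED_MX = {
    "example.org": ["mail.example.org"],
    "throwaway.example": [],               # domain exists but publishes no MX
}
CONSTRUCTED_BANNERS = {
    "192.0.2.10": "220 mail.example.org ESMTP ready",
    "192.0.2.20": None,                    # nothing listening on 25 (typical end user)
    "192.0.2.30": "554 no service here",   # listens, but refuses rather than greets
}


def stub_mx(domain: str) -> List[str]:
    return CONSTRUCTED_MX.get(domain, [])


def stub_banner(ip: str) -> Optional[str]:
    return CONSTRUCTED_BANNERS.get(ip)


if __name__ == "__main__":
    for dom, ip in [("example.org", "192.0.2.10"), ("throwaway.example", "192.0.2.10"),
                    ("example.org", "192.0.2.20"), ("example.org", "192.0.2.30")]:
        r = check_sender(dom, ip, stub_mx, stub_banner)
        print(dom, ip, "ACCEPT" if r.accept else "REJECT", r.reasons)
```

Running the decision in log-only mode first matters for exactly the reason Eric flags with "unless it is an end user": legitimate hosts that never listen on port 25 would be rejected by the banner check, and Dennis's point stands that none of this is authentication, since the only datum you can even barely rely on is the source IP. These checks score plausibility; they do not prove who sent the message.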