After having email addresses in my domains hijacked (both users that exist
& those that don't) left, right, and center I can't take it anymore!
Is it possible/insane to have esmtpd (& any other MTA) do a reverse
DNS check on the MAIL FROM address to ensure that the domain specified
there matches the domain of the sending machine?
I don't care if it takes a couple extra seconds to do that check, endless
email hijacking is totally ridiculous & HAS to stop. I'm sick of
seeing zillions of bounces from spam emails no one in my domain ever sent.
SO someone please tell me what's so horrible about:
1. client connects & sends MAIL FROM address
2. server reverse DNSs the client's IP
3. if the domain doesn't match the domain in the FROM address or
the IP is not resolvable the email is rejected
OR
1. client connects & sends MAIL FROM address
2. server DNSs the MX record for the domain in the FROM address
3. if the IP of client does NOT match one of the MX records for that domain
the email is rejected.
If domains want to allow other machines than their mail servers to be able
to send emails using their domain they can add them with a very high MX
priority so they never actually get used as a mail server BUT do show
as legitimate sources of mail traffic for that domain.
Of course everyone across the internet would have to do this BUT if they DID
then we REALLY cut down on spam - & virtually totally eliminate email
hijacking.
Again who really cares about the extra 1 second or so the DNS lookups will
take - & of course most likely they're cached locally anyway after the
first hit.
Currently our mail infrastructure is set up to first accept and THEN see
if there's something wrong with the message - HOWEVER with the tidal wave
of spam that now is more numerous than legit email this paradigm needs to
be switched: email should first be REJECTED UNLESS there are compelling
reasons to be accepted...
Of course these same checks could also be done on the 'From:' & 'Reply-To:'
headers - which I also think is a good idea but requires more intervention
& maybe someone has a problem with looking into the headers BUT with
spam being WAY out of control we gotta take more serious steps to stem the
tide.
whatcha'll think?
Mark
_______________________________________________
courier-users mailing list
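
The two checks proposed in the message above, as an added Python example that is not part of the original post or of Courier. DNS is replaced by constructed lookup tables (example domains, documentation-range IPs); the function names and the pass-through for the null sender `<>` are assumptions.

```python
# Constructed DNS data (example domains, documentation-range IPs) so this runs offline.
PTR = {"192.0.2.10": "mail.example.org", "192.0.2.20": "out.example.org",
       "198.51.100.7": "host7.isp.example.net"}
# out.example.org only sends mail; it is listed with a very high MX priority.
MX = {"example.org": [(10, "mail.example.org"), (9999, "out.example.org")]}
A = {"mail.example.org": ["192.0.2.10"], "out.example.org": ["192.0.2.20"]}


def sender_domain(mail_from):
    """Return the lowercased domain of a MAIL FROM argument, or None for '<>'."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def check_ptr(client_ip, mail_from):
    """Option 1: the client's reverse DNS name must fall under the sender domain."""
    domain = sender_domain(mail_from)
    if domain is None:
        return True, "null sender, nothing to compare (assumption)"
    host = PTR.get(client_ip)
    if host is None:
        return False, "client IP has no reverse DNS"
    host = host.lower().rstrip(".")
    # Match on a label boundary so 'evilexample.org' does not pass for 'example.org'.
    if host == domain or host.endswith("." + domain):
        return True, f"{host} is under {domain}"
    return False, f"{host} is not under {domain}"


def check_mx(client_ip, mail_from):
    """Option 2: the client's IP must belong to one of the sender domain's MX hosts."""
    domain = sender_domain(mail_from)
    if domain is None:
        return True, "null sender, nothing to compare (assumption)"
    for priority, mx_host in sorted(MX.get(domain, [])):
        if client_ip in A.get(mx_host, []):
            return True, f"{client_ip} is {mx_host} (MX {priority})"
    return False, f"{client_ip} is not an MX host for {domain}"


if __name__ == "__main__":
    sender = "<mark@example.org>"
    for ip in ("192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.5"):
        print(ip, "ptr:", check_ptr(ip, sender), "mx:", check_mx(ip, sender))
```

The PTR name is published by whoever controls the reverse zone for the client's IP, so a live implementation of the first check would also confirm that the name resolves forward to the same IP.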