Ed W wrote:
Personally I don't like fake "senderbcc" address for every user.
This my
catch a lots of spam in "sent" folders.
you are confusing sender bcc with virtual aliases.
What about spam with a faked FROM address which seems to be from a
local user? I think the point is that this strategy can cause a copy
of the spam to end up being added as a sent item.
there are two cases:
- you enforce authentication and sender-login match. in this case, you
detect forgeries
- you don't. in this case, you can't detect forgeries. and a header
won't help. the whole approach breaks.
The extra header field was being added presumably to identify real
sent mail from faked spam and hence only add real sent messages to the
sent folder?
and how do you add a header only to "really" sent mail? and anyway, how
do you deliver a _copy_? remember that this is outgoing mail and won't
naturally go through dovecot.
