On 27/12/06, David Saez Padros <[EMAIL PROTECTED]> wrote: > Hi !! > > >>> I would like to increase a spam defense of our server by checking if a > >>> sender really represents an MX server of his/her organization. So if a > >>> certain PC is trying to send me an e-mail from [EMAIL PROTECTED] then we > >>> will check if this person's IP address is within MX servers of > >>> domain.com, otherwise we'll refuse to accept the mail. > >> This is misguided. There's no useful correlation between outbound mail > >> relays and inbound MXs for a large proportion of the internet. Don't > >> do it. > >> > > OK, I see I was wrong. I just wanted to implement it because some > > prominent unix person had suggested this way of struggling with spammers. > > you just could use this check to score messages when no spf > > http://www.ols.es/exim/acl/ismx.acl
Even if you only use that for scoring, I still believe it's unwise. What you're actually doing is scoring the sending domain's email infrastructure against what you believe it should look like. A few tens of millions (beermat estimate - AOL, Hotmail, Gmail, Wanadoo for starters) of ISP users across the world would score badly for the sole reason that their provider chose a particular way of engineering their email system. It might be instructive to collect statistics on incoming email that passes or fails this check, and see how much of a spam sign it is compared with a false positive, however. Then see how much of the real spam would have been caught by other tests, and decide whether the FP rate, perhaps augmented with whitelisting, makes it worthwhile. I'll bet a large portion of Christmas Pudding that it will turn out to be of no use. Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
