On 27/12/06, Ian Eiloart <[EMAIL PROTECTED]> wrote: > > > --On 27 December 2006 10:33:41 +0000 Peter Bowyer <[EMAIL PROTECTED]> wrote: > > > On 27/12/06, David Saez Padros <[EMAIL PROTECTED]> wrote: > >> Hi !! > >> > >> >>> I would like to increase a spam defense of our server by checking if > >> >>> a sender really represents an MX server of his/her organization. So > >> >>> if a certain PC is trying to send me an e-mail from [EMAIL PROTECTED] > >> >>> then we will check if this person's IP address is within MX servers > >> >>> of domain.com, otherwise we'll refuse to accept the mail. > >> >> This is misguided. There's no useful correlation between outbound mail > >> >> relays and inbound MXs for a large proportion of the internet. Don't > >> >> do it. > >> >> > >> > OK, I see I was wrong. I just wanted to implement it because some > >> > prominent unix person had suggested this way of struggling with > >> > spammers. > >> > >> you just could use this check to score messages when no spf > >> > >> http://www.ols.es/exim/acl/ismx.acl > > > > Even if you only use that for scoring, I still believe it's unwise. > > What you're actually doing is scoring the sending domain's email > > infrastructure against what you believe it should look like. > > Actually, I don't think this matters. The problem that you're highlighting > is that there's no information regarding email that fails the test. Fair > enough. However, email that passes the test probably is less likely to be > spam [if only because spammers don't usually use their own resources to > send email, or because one can potentially punish them later if they do], > so the test might be useful for whitelisting.
Yes, I agree, taken that way round its a useful adjunct to whitelisting. Just like SPF and DK, actually :-) > > A few > > tens of millions (beermat estimate - AOL, Hotmail, Gmail, Wanadoo for > > starters) of ISP users across the world would score badly for the sole > > reason that their provider chose a particular way of engineering their > > email system. > > Actually, you need to take Hotmail off that list, since they do publish SPF > records, so their servers would pass this test. True, I was referring to the MX comparison part of the test, but I see now that it has an 'accept' at the top for an SPF pass. Rightly so. Probably still tens of millions, though..... I left off all the Outblaze domains..... Peter -- Peter Bowyer Email: [EMAIL PROTECTED] -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
