I'm a
little confused. If someone is sending legitimate email to [EMAIL PROTECTED], you're accepting
it. If the 'from' email address is forged to be [EMAIL PROTECTED], but the to
address is still [EMAIL PROTECTED],
there is a legitimate recipient for the message on your
network.
I'm
trying to determine the benefit to putting in the no-forge restriction. Is
the idea to prevent spammers from dumping things into your net? If so,
it's an interesting idea, but the spam I get rarely forges the from address as
being specifically from *my* domain.
On its
face it sounds like added complexity with minimal benefit. Could you
perhaps clarify the intended goal?
-----Original Message-----
From: Coleman, Clayton [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 04, 2002 8:20 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Filtering incoming SMTP "from" your domain via SSHere's the scenario: We block all incoming mail not destined for our mail domains (to block relay) but we are also considering not allowing people to deliver mail to us that appear to come from our domain. Confusing?
Simply put, should we allow someone from the Internet to deliver to our SMTP server "From: [EMAIL PROTECTED]" "To: [EMAIL PROTECTED]" since all mail from foxboro.com should come from internal? What would be the downsides of blocking someone from the Internet who tries to do that?
And, can we do that in a resource...? I only think it works for the destination domain, not the source domain of the email.
Thanks much.
Clayton
