Stephen J. Turnbull wrote: >Geoff Shang writes: > > > 2. One idea I came up with for rejecting spoofed mail is for the > > receiving SMTP server to somehow check if the sending one is an MX for the > > domain given in the From header. Are there any obvious problems with this > > approach? Is anyone actually doing this? It seems so simple that there > > surely must be some reason why it's not done. > >It is being done, although not via the MX for the reasons Larry Stone >gives. What you're looking for is call "SPF" or "DKIM" (these are >actually two different protocols, and I think with the standardization >of DKIM, SPF is probably dead). The way DKIM works is that hosts >authorized to send mail from a domain are given special resource >records in their DNS which provide a public key, and then some portion >of the mail and/or headers is signed with an appropriate private key.
There are still sites that check SPF and will reject mail for an SPF hardfail. Note, if you run SpamAssassin, there is a Botnet module[1] available that will check the MTA that delivered to the trusted local network has full circle DNS and a host name that doesn't look like a 'home network' name. [1] <http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar> -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
