W dniu 2009-03-03 18:41, Noel Jones pisze:
Some legit "reminder" type services, some meeting notifications, and
other legit mail might arrive with you as the sender. Maybe not best
practices, but it's legit mail and such a policy will reject it.
Why would someone want to fake sender address? Is this really legit mail
when one has (envelope!) sender address spoofed? I've no idea why should
I get reminder from myself. If xyz is this service provider I want to
get reminder from s...@xyz.
You can send yourself mail via eg. gmail or your home ISP with your
postfix domain as sender address. Some people really do this.
And why would I do that? If my ISP would restrict to send only via their
SMTP server, I'd use webmail. And I have no idea why would one allow
relaying via their SMTP server for everyone. And if not for everyone,
then ISP should do address rewriting for their users. That's it. And
that still doesn't change my point of view - broken configuration
doesn't always give you legit mail.
If one still wants to use other SMTP server to send mail with spoofed
address, why just not add this SMTP server's IP to my_networks?
The "some amount" of legit mail you will reject is highly dependent on
your users. Some sites will see quite a bit, others very little. Some
people consider this a horrible idea, others a useful policy with an
acceptable risk. You get to pick which side of the fence you live on.
I cant's see any risk anyways, not just in place. And it's possible that
zen BL will stop more "legit" mails (depends on what one means by "legit
mail", maybe there are people who read those "I'll give you $1billion"
mails). If I'm wrong, please point it out, let me learn.
Pawel Lesniak
