On 1/9/2012 6:36 PM, Reindl Harald wrote:
>
> On 09.01.2012 22:07, Noel Jones wrote:
>> On 1/9/2012 1:24 PM, Jeroen Geilman wrote:
>>> Many people (me and most of this list included) reject
>>> impersonation of the sender address unless it is on an
>>> encrypted submission port; this is the norm rather than the
>>> exception nowadays.
>>
>> Be aware this may reject some legit mail.
>
> which?
>
>> Feel free to do it as a local policy, just understand it's
>> not 100% safe.
>
> it is exactly as safe as an RBL

Yes, it's fair to compare this with a random dnsbl you find referred to somewhere online that you really know nothing about other than some third-party saying it's great.

>
>> Examples are web sites such as news sites "send article to a
>> friend" and external calendar/reminder services. Airlines
>> used to do this with flight notices, but I think most of them
>> have fixed it. Some "greeting ecard" web sites; it's
>> debatable if you want those anyway, but your users might.
>
> in this case this is NOT legit mail, sites implementing this
> way have to be rejected - a "greeting ecard" where you can
> enter an e-mail-address which will be used as ENVELOPE sender
> is badly broken
>
> any web-application using a foreign ENVELOPE sender is badly
> broken

I don't disagree that this is badly broken; nonetheless it's still in use. Unless one is in the enviable position to dictate and enforce policy regardless of customer/user/management/owner/whatever input -- my way or the highway as they say -- this and all other anti-spam techniques need to be considered in a local cost vs. benefit. Anti-spam is never one-size-fits-all.

I dropped this rule when I realized that virtually all the spam would still be rejected by other rules, leaving this rule to only hit the occasional false-positive. Not many, but enough to cause some complaints. Disabling it did not lead to a flood of spam entering the system.

I gently remind you that just because something is broken doesn't mean it can't or shouldn't be accepted. Just because something works great for you doesn't mean it's appropriate for everyone.

-- Noel Jones
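
The local cost vs. benefit check discussed in the message above, as an added example that is not part of the original post: it applies the "own domain as envelope sender from an unauthenticated client" rule to mail records and counts what the rule catches that no other rule does, against the legitimate mail it rejects. The domain, field names and sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: domains this server accepts mail for (placeholder value).
LOCAL_DOMAINS = {"example.com"}

def own_domain_rule(envelope_sender, authenticated):
    """True when an unauthenticated client uses one of our domains as envelope sender."""
    # The null sender "" (bounces) has no domain part and never matches.
    domain = envelope_sender.rpartition("@")[2].lower()
    return (not authenticated) and domain in LOCAL_DOMAINS

def marginal_value(records):
    """Classify every message the rule would reject, relative to the other rules."""
    tally = Counter()
    for r in records:
        if not own_domain_rule(r["sender"], r["auth"]):
            continue
        if not r["spam"]:
            tally["false_positive"] += 1   # legitimate mail lost to this rule
        elif r["other_rules_reject"]:
            tally["redundant"] += 1        # spam that another rule rejects anyway
        else:
            tally["unique_catch"] += 1     # spam only this rule stops
    return dict(tally)

# Constructed sample: one record per message, labelled by hand after review.
SAMPLE = [
    # Real user on the authenticated submission port: rule does not apply.
    {"sender": "alice@example.com", "auth": True, "other_rules_reject": False, "spam": False},
    # Forged local sender, also rejected by another rule (e.g. a dnsbl).
    {"sender": "alice@example.com", "auth": False, "other_rules_reject": True, "spam": True},
    {"sender": "bob@example.com", "auth": False, "other_rules_reject": True, "spam": True},
    # "Send article to a friend" site using the user's address as envelope sender.
    {"sender": "bob@EXAMPLE.com", "auth": False, "other_rules_reject": False, "spam": False},
    # Foreign sender domain: rule does not apply.
    {"sender": "news@example.org", "auth": False, "other_rules_reject": False, "spam": False},
    # Forged local sender that nothing else would have stopped.
    {"sender": "x@example.com", "auth": False, "other_rules_reject": False, "spam": True},
]

if __name__ == "__main__":
    print(marginal_value(SAMPLE))
```

The rule earns its place only while `unique_catch` outweighs the cost of `false_positive`; a result dominated by `redundant` plus a few false positives is the situation the message describes.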