On Jun 4, 2012, at 9:26 AM, Charlie Brady wrote:

> On Sat, 2 Jun 2012, Matt Simerson wrote:
> 
>> Is it a good idea to validate that the MAIL FROM address is the same as 
>> the From: header in the message?
>> 
>> What exceptions need to be made, if any?
>> 
>> What problems might I encounter if I were to do this?
> 
> For starters, you would penalise this message, and perhaps not see it.
> 
>> If the To header exists, shouldn't that also be validated against RCPT TO? 
> 
> Also wouldn't work well for mailing list messages.

Aye, good one. 

Exception #1:  mailing lists 

I should be able to detect mailing lists though. For example, this list has a 
Mail-List header. I'd expect that most lists would similarly mark up the 
message. 

I don't anticipate using From validation as a condition for rejection, but if 
you aren't a mailing list, and you aren't (OTHER EXCEPTIONS HERE), then I 
might want to ding your karma for having a forged From header. 

In addition to whatever value it might have for Bayesian filters, it may be 
useful to always add an X-From: header, so that diagnosing email problems like 
my client with the forged From: header would be easier. I had to grep through 
his server logs to see how the spammer bypassed the SPF and SA tests. (SA only 
sees From: and SPF only uses MAIL FROM). 

I wonder if X-Rcpt-To should be similarly added.

Has this been done before?  Should it be?

Matt
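
The comparison discussed in this message, sketched in Python as an added example; it is not part of the original post or of any mail server's own code. The function names, verdict strings, the list markers other than Mail-List, and the null-sender exception are assumptions, and the sample message is constructed.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Mail-List is the header named in the post; the others are assumed list markers.
LIST_HEADERS = ("Mail-List", "List-Id", "List-Post", "List-Unsubscribe")

# Constructed sample: the From: header differs from the envelope sender, and
# the sender has pre-inserted an X-From header of their own.
SAMPLE = (
    "From: Bank Support <support@bank.example>\r\n"
    "To: victim@example.org\r\n"
    "X-From: support@bank.example\r\n"
    "Subject: account notice\r\n"
    "\r\n"
    "body\r\n"
)


def normalize(addr):
    """Return the bare lowercase address, or '' for the null sender '<>'."""
    return parseaddr(addr)[1].strip().lower()


def is_list_mail(msg):
    """True if the message carries a header that marks list traffic."""
    if any(h in msg for h in LIST_HEADERS):
        return True
    return msg.get("Precedence", "").strip().lower() in ("list", "bulk")


def check_from(mail_from, raw_message):
    """Compare MAIL FROM with From: and record the envelope sender in X-From."""
    msg = message_from_string(raw_message)
    envelope = normalize(mail_from)
    del msg["X-From"]                  # drop any copy supplied by the sender
    msg["X-From"] = envelope or "<>"
    header_addrs = {a.lower() for _, a in getaddresses(msg.get_all("From", [])) if a}
    if is_list_mail(msg):
        verdict = "skip-list"          # Exception #1 from the post
    elif not envelope:
        verdict = "skip-null-sender"   # assumed exception: bounces use MAIL FROM:<>
    elif not header_addrs:
        verdict = "no-from-header"
    elif envelope in header_addrs:
        verdict = "match"
    else:
        verdict = "mismatch"           # a scoring signal, not a rejection
    return verdict, msg
```

The verdict is meant to feed a score, as the message suggests, and the rewritten X-From header lets the envelope sender be read from the stored message instead of the server logs.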
