I am trying to determine who sent a mail. I am not looking for a 100% effective way of stopping a person from spoofing, but the FROM address to far too easy a target. I was thinking of the message.hostis() method or looking at the Received trace information. Any thoughts?
Just about everything in the message is spoofable, so not sure how valuable it is to check every received header. Couple of simple checks is make sure the HELO domain resolves to the IP address. I don't think that could just be a mailet and would require changes to the SMTP listener.
Another existing check is verifying the sender's domain is valid This is feasible again now that VeriSign has undone their wildcard resolution.
-- Serge Knystautas President Lokitech >> software . strategy . design >> http://www.lokitech.com p. 301.656.5501 e. [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
