So no matter what we do we will still send out UCE to the unsuspecting user who had their email address spoofed and we can't detect when that happens.
Until we get an irrate message from them or a spamcop report
At that price... maybe SA is enough... what does TMDA buy me?
You can always validate inbound email against SPF.
SPF, once fully deployed, will prevent all/most of this forgery of sender addresses.
Of course, not *too* many domains publish this yet, but it is becomming more popular.
Personally, I find most spam has from/sender addresses with valid domains but invalid user-names, so the bulk of challenges get dropped anyway. You can use the smtp-check-sender.pl script in the contrib directory to filter these out so they don't fill up your mail queue if you want.
Also, I hold any email immediately if it matches a bunch of header patterns that indicate worms/etc. for Microsoft systems (e.g. attachments with zip/pif/scr/bat/exe/com/... extensions). Running a virus checker with external notifications turned off would do much the same thing.
_____________________________________________
tmda-users mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-users
