On Wednesday 07 February 2007 14:25, Jason R. Mastaler wrote: > Tim Rice <[EMAIL PROTECTED]> writes: > > Seems like quite a SPAM hole. All a spammer has to do is set the > > Reply-To: to a user in your company wide whitelist and they can send > > spam to anyone in the company without being challenged. > > How is it anymore of a spam hole than a spammer forging the "From:" > address? >
I use SPF on my domains to detect and prevent "From:" address spoofing. SPF is not designed to analyze "Reply-To" addresses however. I have had a few pieces of spam slip through my filters over the past couple of years exactly because of this loophole. Just my 2 cents. Randy _________________________________________________ tmda-workers mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-workers
