On Tue, 2022-08-23 at 12:11 +0200, Vincent Lefevre wrote: > On 2022-08-18 19:40:33 +0100, Martin Gregorie wrote: > > - if the reverse lookup fails, or the domain it retrieved does not > > match the one in the From address, send a bare 550 REJECT because > > the failed > > reverse lookup implies the sending domain is a forgery. > > It doesn't. There are IPs that host several domains, e.g. in case > of shared web hosting. For instance, I have 2 domains vinc17.net > and vinc17.org, and both are handled by the same machine, thus > with a single IP address. So, necessarily, the reverse lookup will > not match for one of these domains. > Fair enough: I did say that some of this was off the top pf my head at the end of a longish day.
Would doing the lookup trick on the URL in the Message-ID header be any more reliable? Martin