On 30-Aug-06, at 1:44 PM, Justin Mason wrote:
Gino Cerullo writes:part 1.2 text/plain 1027 On 30-Aug-06, at 1:10 PM, Michael Grey wrote:Are there any SA methods that allow verification of the ‘sender’ of an email ? I am aware of SPF which can confirm that a host at ip address x.x.x.x is authorized to send mail as from domain “A”, but how about a means to confirm that [EMAIL PROTECTED] actually is a real user before accepting mail from him ?I don't believe SA can do that as it's a content filter. Some MTAs can do this and this is were you want those kinds of verifications to happen, before DATA. The problem is that if you do it for every address you will get false positives, especially from sources like mailing lists, news & info subscriptions, etc., and you'll find yourself whitelisting alot. I actually do this using Postfix but I use a table of 'frequently forged domains' whose addresses are verified before they are allowed to pass on to the content filters.It's also worth noting that doing this is counterproductive in an overallstrategy sense, since it drives the spammers to simply use known-validthird-party addresses -- such as random addrs from their target addresslist -- as the forged source of the spam. The end result for us end users, is a massive increase in "spam blowback", which is what we've seen since those MTAs implemented it. :(
Unfortunate but SPF would prevent that as well. If everyone just used SPF, none of this would be a problem.
-- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 416-247-7740
smime.p7s
Description: S/MIME cryptographic signature
