mouss said: >> >> > >> > The implementation of it is not my concern. It's a pretty basic rule to >> > require that addresses a commonly exploited spam attack vector. >> >> having the same address in the From and To is also seen in legitimate mail: >> - I send mail to myself >> - some people use their address in the To when they Bcc many people >>
Hi, well, I send mail to myself sometimes. The only way that this mail could go is either straight from the mailserver to my inbox (if I am logged in), or from my desktop client, via my mailserver, to the inbox. So it seems to me that any sender claiming to be _me_ would _auth_ to the mailserver. When I implemented this a while ago, some ebay mails violated that, and mails from monster.com. AFAIK, at least ebay has learned that such mails are likely to be caught by various reasons (DKIM?) Wolfgang Hamann