On Mon, 2009-07-13 at 18:28 +0200, Matus UHLAR - fantomas wrote: > > On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote: > > > > On Fri, 3 Jul 2009, RW wrote: > > > > > I understand that Spamhaus doesn't recommend this, because dynamic IP > > > > > addresses can be reassigned from a spambot to another user, but I > > > > > added > > > > > my own rule it does seem to work. In my mail it hits about 9% of my > > > > > spam, with zero false-positives. > > > > > > On 13.07.09 14:22, Tony Finch wrote: > > > > You will get false positives from senders that are using remote message > > > > submission, and from some webmail users if their server puts the webmail > > > > client IP address in the message headers. > > > > > > agreed, although, some kind of authentication should be done in either > > > case, > > > which should prevent the rules from hitting, but many ISPs and ESPs don';t > > > push auth informations to Received: headers... > > On 13.07.09 16:26, rich...@buzzhost.co.uk wrote: > > Do the RFC's state that they need to? > > yes, RFC4954 in section 7 does > Where - I don't see it say it needs to "push auth informations to Recieved: Headers";
7. Additional Requirements on Servers As described in Section 4.4 of [SMTP], an SMTP server that receives a message for delivery or further processing MUST insert the "Received:" header field at the beginning of the message content. This document places additional requirements on the content of a generated "Received:" header field. Upon successful authentication, a server SHOULD use the "ESMTPA" or the "ESMTPSA" [SMTP-TT] (when appropriate) keyword in the "with" clause of the Received header field. Am I missing what you are saying here?