El Lun 02 Feb 2004 20:42, Tracy escribi=F3: > At 18:37 2/2/2004, Tracy wrote: > >At 17:12 2/2/2004, Gustavo Galvan wrote: > > >Ok, accepting email from only authorized MX is, by now, a crazy idea > > > because the biggers free email servers do not use them. > > > >Well, you know, that's interesting. I do MX checks on RHS of MAIL FROM= for > >all mail received, and I still seem to receive mail from Yahoo, Hotmai= l, > >and Excite... So, which of the freemail providers are you referring to > > when you said "bigger free email servers"?
hotmail.com yahoo.com These servers send email with ip address wich are not MX records. I have = not=20 tested others. > > BTW, I just realized you said "authorized MX", which implies you are > checking the connection address against the returned MX. I'm not doing > that. I'm simply checking to see if the RHS of MAIL FROM *has* an MX. S= o, > for example, if I received mail from [EMAIL PROTECTED], I would do an MX > lookup on yahoo.com. If I found an MX (*any* MX), that test passes. It > would only fail if the RHS lookup found no MX. anyone can falsify MAIL FROM. Its a soft check. > > I do validate the connection IP address in other ways, however. > That's the point. So, I think we need check if IP Address of incomming SM= TP=20 connection corresponds with domain extracted from MAIL FROM. This IP Addr= ess=20 must have a record (A or CNAME) in the DNS of that domain. Gustavo - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]