Andrew Newton <andy(_at_)hxr(_dot_)us> wrote:
On May 13, 2004, at 5:17 PM, John Leslie wrote:
[Andrew Newton wrote:]
And where does the IP address for Step 8 come from?
That is the IP address of the sending MTA (unchanged from the
earlier HELO/EHLO test). We're interested in determining whether that
MTA should be trusted to have already verified the goodness of the
2821 MAIL FROM bounce address.
So this looks for the IP address of the forwarder's MTA in the domain
of the sender?
I had to parse that three times before I thought I understood your
question, so let me restate it:
" In the case of a forwarded message, this means a DNS query including
" the IP address of the forwarding MTA and the domain of the sender.
... and the answer is yes, unless some forwarder along the way has
changed the RFC2821 MAIL FROM.
Please understand, I don't expect this to work very well, but it
is an option, entirely under the control of the sender's domain.
Rewriting (by the forwarder) discussed elsewhere will probably
work better.
And please note that a forwarder with an excellent reputation should
pass the "best-case" test which allows bypassing checking MAIL-FROM.
--
John Leslie <john(_at_)jlc(_dot_)net>