From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
> You can't whitelist on the sender address domain unless you have
> authentication.

That is wrong in the real world, at least today. For example, a lot of
mail has been authenticated by simplistic whitelists like that in
http://www.dcc-servers.net/dcc/dcc-tree/homedir/whitecommon
For years that page has been the most commonly fetched of all of the
on-line DCC source. I'm not sure why that is, but I am sure that no
significant spam has used it for header forgery. I theorize that
is because of the header forgery laws.
The DCC depends on whitelists and outfits installing the DCC usually
start their whitelists with that whitelist. Maybe the DCC is too
small so recall that the current anti-spam filters of the big mail
providers involve per-user and probably per-provider whitelists.

> If you can trust that everything claiming to come from cisco.com or
> microsoft.com really is from there you can whitelist the zone.
> I could draw up a whitelist of 95% of the zones that legit mail is
> likely to be sent from.

For you, but not for me or the next person. More than a few people
complain about spam from microsoft.com.

> But if the spam senders can forge headers then they are soon gonna
> be worthless.

Again, except for whitelist entries for one's own address, that is
not the case in the real world.

> And yes over 50% of my spams (ones I have received that is) have
> forged headers.

What do you define as "forged headers," genuine forgery or the bogus
notion that is merely inconsistencies between header or envelope domain
names and the reverse DNS name of the IP address of the SMTP client?
Vernon Schryver vjs(_at_)rhyolite(_dot_)com