On Thursday, May 29, 2003 6:11 PM, Vernon Schryver
[SMTP:vjs(_at_)calcite(_dot_)rhyolite(_dot_)com] wrote:
8<...>8
- Only 48% of the 32,300 spam in my rolling 40 day log have
Reply-To headers, but perhaps what is meant is the envelope Mail_From
address. It is an article of faith for many people that "most"
Mail_from addresses are "false," but the evidence for that belief
is thin.
IMHO the only relevant header information to determine 'sender' forgery is the
Return-Path: field reported by the receiving server. In this case I am
referring to the receiver that is presented at the recipient border that
interacts with the 'spamming' system or (if headers are not munged and are
legitimately preserved as recommended RFC2822 and RFC822) by the terminating
end of the store-and-forward message transfer.
-e
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg