[Top] [All Lists]

Is this filterable?

1998-06-30 06:41:28
I know most people on this list are busy with implementation of filtering  
stuff, but I was wondering: suppose I have a filter, would it be possible to  
filter on spoofing of internal e-mail addresses in the From: header?

The From: header is a good candidate for some kind of filtering. But what  
if spammers put my own e-mail address in the From: header (and thus spam by  
sending one message per SMTP job)? Would there be some way for me to  
recognize that this is an outside message, even if it says it is internal?  
Message-ID can be spoofed also. So I am currently left with the idea that  
only the Received: headers added by intermediaries are a possible source for  
detecting spoofing.

But how would I write rules for filtering that out? What kind of  
combination of internal addresses (consider a complete domain) and Received:  
headers would do the job?

And supposed I have such a rule, how would I prevent messages that I resend  
(from my domain to another and back, those get a load of extra Received  
headers but keep the original From:)?


Gerben_Wierda(_at_)RnA(_dot_)nl (Gerben Wierda)
"If you don't know where you're going, any road will take you there"
Paraphrased in Alice in Wonderland, originally from the Talmud.

Dass man fuer die Philosophie ein Interesse zeigt, bezeugt noch keine
Bereitschaft zum Denken -- Martin Heidegger

<Prev in Thread] Current Thread [Next in Thread>