I know most people on this list are busy with implementation of filtering
stuff, but I was wondering: suppose I have a filter, would it be possible to
filter on spoofing of internal e-mail addresses in the From: header?
The From: header is a good candidate for some kind of filtering. But what
if spammers put my own e-mail address in the From: header (and thus spam by
sending one message per SMTP job)? Would there be some way for me to
recognize that this is an outside message, even if it says it is internal?
Message-ID can be spoofed also. So I am currently left with the idea that
only the Received: headers added by intermediaries are a possible source for
detecting spoofing.
But how would I write rules for filtering that out? What kind of
combination of internal addresses (consider a complete domain) and Received:
headers would do the job?
And suppose I have such a rule, how would I prevent messages that I resend
(from my domain to another and back, those get a load of extra Received
headers but keep the original From:)?
Thanks,
--
Gerben_Wierda(_at_)RnA(_dot_)nl (Gerben Wierda)
"If you don't know where you're going, any road will take you there"
Paraphrased in Alice in Wonderland, originally from the Talmud.
That one shows an interest in philosophy is not yet evidence of a
readiness to think -- Martin Heidegger
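
One way to express the Received:-based check the message asks about, as an added example that is not part of the original post. It assumes the filter runs behind your own MTA, that the MTA writes Postfix/sendmail-style Received: lines with the peer IP in brackets, and that the domain, host name and network below (all hypothetical) describe your site.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Assumptions (hypothetical values, not from the original post):
INTERNAL_DOMAIN = "example.nl"                 # domain whose From: we protect
OUR_HOSTS = {"mx.example.nl"}                  # MTAs we run; only their lines are trusted
INTERNAL_NETS = [ip_network("192.0.2.0/24")]   # networks our own senders connect from

BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # IPv4 peer address only

def written_by_us(hop):
    m = BY_RE.search(hop)
    return bool(m) and m.group(1).lower() in OUR_HOSTS

def classify(raw):
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN:
        return "from-not-internal"
    hops = msg.get_all("Received", [])         # newest hop first
    for i, hop in enumerate(hops):
        peer = PEER_RE.search(hop)
        if not written_by_us(hop) or peer is None:
            break                              # trusted chain ends without a verdict
        try:
            inside = any(ip_address(peer.group(1)) in n for n in INTERNAL_NETS)
        except ValueError:
            break
        if not inside:
            # Boundary: an outside peer handed the message to our MTA. The HELO
            # name and every older Received: line came from that peer, unverified.
            claims_us = any(written_by_us(h) for h in hops[i + 1:])
            return "external-claims-earlier-internal-hop" if claims_us else "external-spoofed-from"
    else:
        return "internal" if hops else "unverifiable"
    return "unverifiable"

def sample(*hops):                             # builds constructed test messages
    return "".join(f"Received: {h}\n" for h in hops) + "From: user@example.nl\n\nbody\n"

# Constructed Received: values (documentation addresses, not real traffic)
INSIDE = "from desk7 (desk7.example.nl [192.0.2.15]) by mx.example.nl with ESMTP"
FORGED = "from mx.example.nl (unknown [198.51.100.7]) by mx.example.nl with ESMTP"
OUT = "from mx.example.nl (mx.example.nl [192.0.2.1]) by lists.example.org with ESMTP"
BACK = "from lists.example.org (lists.example.org [203.0.113.9]) by mx.example.nl with ESMTP"
```

`classify(sample(BACK, OUT, INSIDE))` models the resend case. The same verdict is returned for a forgery that pastes in old Received: lines, so it is a hint for softer handling rather than proof of a genuine round trip.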