ietf-mxcomp

RE: Can you ever reject mail based on RFC2821 MAIL FROM?

2004-04-26 12:26:24


You cannot use SRS or any form of MAIL FROM rewriting to prevent joe
jobs.  It won't work.  The reason is that the receiver of the spoofed
mail has no way to distinguish mail from an SRS-compliant MTA from mail
that has been routed through a non-SRS compliant forwarder.  The only
way the receiver can reliably reject messages is that there remain no
significant population of non-821-checkers out there on the internet
that the spammers can find.  That is, if effectively everyone did the
check, then it might work, but thinking we'd ever even remotely get
there is, with all due respect, fantasy.  

This is the key.

WE ARE AUTHENTICATING THE GOOD EMAIL.

This is not about kicking out the bad stuff, it's about bypassing the
spam filter for the vast majority of mail received.

Forwarding relationships are rarely one-off. Sure, everyone hates the
idea of maintaining state, but if you do that it is trivial to spot
a forwarding relationship.

In fact you could even have a config in the mail filter for 'tell me
all the mail addresses you use'. Send out a probe message and you
know the gateways that are used.

                Phill
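
Added illustration, not part of the message above and not code from any mail filter: one way the probe idea could be kept as state, so that a failed MAIL FROM check arriving through a learned gateway is treated as expected forwarding while a passed check bypasses the spam filter. The class name, the HMAC probe token, the three outcome labels and the sample addresses are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets


class GatewayRegistry:
    """Learns which relays forward mail for a local user by probing the
    addresses that user declares (hypothetical design for illustration)."""

    def __init__(self, key=None):
        # Secret used to bind a probe to one (user, declared address) pair.
        self.key = key or secrets.token_bytes(32)
        self.gateways = {}  # local user -> set of relay IPs that delivered a probe

    def probe_token(self, local_user, declared_addr):
        # Token placed in the probe sent to an address the user says they use.
        msg = f"{local_user}\n{declared_addr.lower()}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def receive_probe(self, local_user, declared_addr, token, relay_ip):
        # Record the delivering relay only if the token is one we issued;
        # otherwise anyone could register their own host as a "gateway".
        expected = self.probe_token(local_user, declared_addr)
        if not hmac.compare_digest(expected, token):
            return False
        self.gateways.setdefault(local_user, set()).add(relay_ip)
        return True

    def classify(self, local_user, relay_ip, mail_from_check_passed):
        # Authenticated mail skips the spam filter; nothing is rejected here.
        if mail_from_check_passed:
            return "bypass-filter"
        # A failure via a learned gateway is expected and is not a spoofing signal.
        if relay_ip in self.gateways.get(local_user, set()):
            return "filter-forwarded"
        return "filter"


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges and example domains).
    reg = GatewayRegistry()
    tok = reg.probe_token("alice", "alice@alumni.example.org")
    reg.receive_probe("alice", "alice@alumni.example.org", tok, "192.0.2.10")
    for ip, passed in [("192.0.2.10", False), ("198.51.100.7", False),
                       ("198.51.100.7", True)]:
        print(ip, passed, reg.classify("alice", ip, passed))
```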

