Traditional remote domain verification involves checking that the domain
stated in an email address has a valid MX or A record published in the
DNS. This implies that a spammer could send email "from" any old machine
with an A record and expect it to be accepted. Sender-ID does not solve
this problem unless you publish a -all record for EVERY HOST on your
network, since in the absence of a Sender-ID record the recipient will
fall back to the current behaviour.
With CSV the problem is slightly worse, because traditionally no checking
is done on the HELO domain. To prevent a spammer from making up names in
your zone, you must publish a wildcard -all record to ensure that the
recipient knows that you are aware of CSV and wish to ban the use of
nonexistent naes.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
BERWICK ON TWEED TO WHITBY: WEST OR SOUTHWEST 2 OR 3 INCREASING 3 OR 4. FAIR.
GOOD. SLIGHT OR SMOOTH.