[Top] [All Lists]

RE: Anti-Spoofing Technology

2005-04-17 20:55:32

At 01:39 -0400 on 04/17/2005, John P Baker wrote about Re: Anti-Spoofing Technology:

I had not yet looked at RFC 2822, but I have now pulled a copy and I am
taking a look at it.

What I am really thinking about is the mailbox designated by the "From:"

I know that when a message is being transmitted between servers, it is
really far too late to make any determination as to the validity of the
"From:" header.

However, it seems to me that when a message first enters the mail system
(i.e., an ISP SMTP server receives a message from a client of that ISP),
validation of the return address could be required.  Specifically, the
"From" mailbox specified in the message header could, pursuant to an SMTP
extension, be validated against a list of mailboxes allocated by the ISP to
the client with whom the SMTP server is in session.

Does not fly when the ISP (ie: ISP1) blocks Outgoing Port 25 and thus forces all mail to go though their servers and you're trying to send mail using an ISP2 (who only runs their MSA [Email Injection] on Port25) From Address. The result in this case is that you can not route your ISP2 mail though an ISP2 SMTP Server and the ISP1 (ie: Current Connectivity Provider) Server rejects the From since it is an ISP2 Mailbox not an ISP1 one.

There may already be something in the RFCs that I have yet to find.

I am just beginning my research into this.

John P Baker
Software Engineer

<Prev in Thread] Current Thread [Next in Thread>