Spam filters have been doing Received chain analysis for about 20 years.
Yes, I know. A friend of mine founded a company that worked using this
principle. Unfortunately, it got less and less effective as
spammers got better and better at faking things. The reason I asked for
recent experience is that I'm curious if anyone is _still_
getting real benefit from this.
Yes. See the message you just replied to.
Since the only header-field you can actually trust is the first one that your
own MTA adds, ...
No, that's not correct. See recent message.
SPF works just as well (actually, a _lot_ better) as a validation mechanism.
What? Header chains say "this message came through this IP". SPF
says "I assert that these IPs are allowed to send mail for this
domain." They're completely unrelated.
We don't use header chains for validation; we use them to figure out who
to blame, who to alert, and who to block.
ietf-smtp mailing list