At 12:05 PM 8/12/97 -0500, Rocket Ray wrote:
I thought I noticed the other day that someone (either on this list or
the spam list) said that the domain part of a proper (non-spoofed)
Message-ID would always match the domain part of the From: address,
Is that true?
No, it is merely a pre-filter someone was looking to do -- they feel more
suspect of messageids that don't match the from address.
An entirely reasonable reason for a messageid not to match the domain is
when the domain is a virtual domain, or when someone is posting for replies
to a personal account, when they are at work (and using the office SMTP
machine to launch the message). You might call it "legal/moral spoofing".
if I'm at my office, I'm not necessarily going to send the message all the
way across the net to my mail server, when I have one accessible on the
ethernet right there.
It may be a useful technique when used in conjunction with a variety of
other spam detection mechanisms (perhaps with weighting), but if you
depended on it directly, you'd find a bunch of reasonable mail getting
ditched.
I'd be more prone to suspect a messageid which contained a domain host that
did not appear in any of the recieved headers, but I wouldn't bet on that
one being right all the time either.
---
Please DO NOT carbon me on list replies. I'll get my copy from the list.
Sean B. Straw / Professional Software Engineering
Post Box 2395 / San Rafael, CA 94912-2395