On Wed, 23 Mar 2005, Scott Kitterman wrote:
If my policy says to REJECT any message claiming to be from
"ownitmortgage.com" (one of ~1500 in my blacklist), I really
could not care
less whether it was forged.
A domain based whitelist would be enhanced by SPF checks. For those I would
imagine you do care if they are forged.
Exactly, but in that case you can wait until after RCPT TO with no
loss of efficiency. In fact, my whitelist is based on both
sender AND recipient. Sometimes a sender is too clueless to
have a valid HELO name, SPF record, PTR, or any other identification,
their domain is frequently forged by spammers, they send from random IPs
at hotels and libraries (so I can't provide a surrogate SPF record), and they
are not willing to listen to any advice on email setup. Nevertheless, work can
get done by whitelisting the combination of sender and recipient - at least
until some spammer harvests the recipient address from their spyware
riddled Windows box.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.