Stuart D. Gathman writes:
On Wed, 19 Oct 2005, Dan Field wrote:
Anyone have any good filtering rules for sorting the good DSN from bad?
Sign the local part of outgoing mail (using SRS, for example, even
when the domain is the same). Reject DSNs to unsigned addresses
or with invalid signatures.
If you do this, do it after the DATA command - e.g., using sendmail's
check_data. If you do it before DATA, sites that use null-sender SMTP
back-connects to check that you accept mail to postmaster will refuse
your mail. (One such site is SourceForge.) You needn't actually
accept any data, just wait for the DATA command, then reject it.
Also, you will probably want to reject mail to SRS-signed addresses if
the mail is NOT a DSN. Do this after the DATA command also, or sites
that use SMTP back-connects with a NON-null sender to verify the MAIL
FROM will refuse your mail.
Another SRS issue: the SRS field separator is the equal sign ("="),
and some sites refuse all mail with an equal sign in the MAIL FROM, so
these sites refuse SRS-signed mail. (Note that the SRS "separator"
argument applies only to the *first* separator, the one between "SRS0"
[or "SRS1"] and the hash. The separator between all other fields is
always the equal sign.)
--
Dick St.Peters, stpeters(_at_)NetHeaven(_dot_)com
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com