Stephen Gran on 22 Mar 2004 01:34:02 -0000
On Sun, Mar 21, 2004 at 08:17:38PM -0500, Malcolm J Harwood said:
> On Sunday 21 Mar 2004 15:04, Tom Diehl wrote:
>
> > Just set up your mta to reject mail that has a from header of aol.com, etc
> > but does not come from aol.com mail servers. 99.999% of the mail I see with
> > an aol.com, yahoo.com, hotmail.com etc. from header originates from some
> > other mail server.
>
> I was under the impression this is exactly what SPF is for. Otherwise you
> don't *know* what AOL's mail servers are.

Yes. SPF is designed to look at the envelope from (MAIL FROM:), but can be
set up to look at the header 'From: ' as well. Dumping mail based on the
From: header, as others have already noticed, breaks forwarding and other
long standing parts of the store-n-forward idea of smtp.

Rejecting based on a forged HELO, on the other hand, is decidedly safe -
nobody but aol should be HELO'ing as an aol machine (or worse, as your own
machine) unless they're trying tricks.

Until somebody comes up with a better system to verify that email comes from
where it says it comes from, I'm steering clear of SPF. The multitude of
things it breaks isn't worth the one thing it might fix.

--
 --------------------------------------------------------------------------
|  Stephen Gran                  | "You'll pay to know what you really     |
|  steve@lobefin.net             | think."  -- J.R. "Bob" Dobbs            |
|  http://www.lobefin.net/~steve |                                         |
 --------------------------------------------------------------------------
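The HELO check described in the message above, as an added example that is not part of the original post: the decision is made from the HELO name and the connecting host only, never from the From: header. The host names, networks and the `check_helo` function are constructed for illustration; it assumes the MTA supplies the forward-confirmed reverse DNS name of the client and that a provider's outbound hosts resolve under the provider's own domain.

```python
import ipaddress

# Constructed sample policy data; replace with your own hosts and networks.
LOCAL_NAMES = {"mail.example.org", "example.org"}
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
# Domains named in the thread whose HELO names should only come from their hosts.
PROTECTED = ("aol.com", "yahoo.com", "hotmail.com")


def normalise(name):
    """Lower-case a DNS name and drop whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def in_domain(name, domain):
    """True if name is the domain itself or a subdomain (label-aligned match)."""
    return name == domain or name.endswith("." + domain)


def check_helo(helo, client_ip, verified_ptr):
    """Return (action, reason) for one SMTP connection.

    verified_ptr is the forward-confirmed reverse DNS name of client_ip,
    or None when the lookup failed (assumed to be supplied by the MTA).
    """
    helo = normalise(helo)
    ptr = normalise(verified_ptr) if verified_ptr else None
    ip = ipaddress.ip_address(client_ip)
    from_local_net = any(ip in net for net in LOCAL_NETS)

    # Nobody outside our own networks should introduce itself as us.
    if helo in LOCAL_NAMES and not from_local_net:
        return ("reject", "HELO uses our own host name")

    # A HELO inside a protected domain must be backed by rDNS in that domain.
    for domain in PROTECTED:
        if in_domain(helo, domain) and not (ptr and in_domain(ptr, domain)):
            return ("reject", "HELO claims %s but rDNS does not" % domain)

    # The From: header is not consulted, so forwarded mail is unaffected.
    return ("accept", "HELO not contradicted")
```

The suffix match is label-aligned, so a reverse DNS name such as `aol.com.attacker.example` does not vouch for a HELO of `mx1.aol.com`.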