Manar Hussain <manar@???> writes:
>>Pete Ashdown allegedly said:
>>
>>So if the spammer fakes mail from a legitimate user of your site, it's
>>OK? Yikes, I'd have thought that would be WORSE than them just relaying
>>through you.
>
>Worse in some ways - but it requires more effort from the spammer to work
>this out. I accept thought that if(/once) the spammer does work it ought
>then the result is worse. On the other hand spammers have a history of
>doing this sort of thing anyways and I would have thought that the chances
>of spam being sent looking like it came from one of your customers would
>not increase significantly whilest the chance of random abuse of your relay
>facility would decrease significantly ...
>
Perhaps that's the state of things in the UK, but here in the US many
spammers are using the relay's domain in their envelope sender address.
I've also heard rumors to the effect that some of the "toolkits" that
spammers are selling to each other have the feature to automatically
insert the relay's domain into the envelope sender address. The person
operating the toolkit doesn't need to know anything about SMTP.
So I feel the hope that spammers will be dumb enough to not use your
domain when they relay through you is a false one. If most of them
aren't already doing it, they will learn soon.
-Greg
--
Greg Andrews West Coast Online
Unix System Administrator 5800 Redwood Drive
gerg@??? Rohnert Park CA 94928
(yes, 'greg' backwards) 1-800-WCO-INTERNET