Re: [Exim] New Feature Request.

Some earlier spamware that dummies occasionally still use has the envelope
sender hard coded - things like "friend@???" were pretty popular,
so blocking them is generally a good thing.

A further example of where something like this would be useful is in a
large system with many hosts that require management via a consistent
database of some kind. Easier to add an entry to that database for the
sender address being used in a current spam run than to push such
configuration data to every host. However, my suggestion would be that
such a list may not be as well suited to shared use via the DNS as
information about open relays etc in the RBL, RSS, ORBS, DUL. So -
perhaps maintaining the list of sender addresses to block could be
maintained in a local MySQL database or LDAP directory (support for which
is already included in Exim).

Dennis Taylor wrote...

> Actually, I am using reply-to address on a limited basis for spam
> filtering. 99% of addresses may be unpredictable, but there are a few who
> (probably for reasons of ego) always use the same or variations on the same
> address.
>
> At 09:40 AM 8/15/00 +0100, Ian Southam wrote:
> >On Mon, Aug 14, 2000 at 02:35:05PM -0400 Dave C. wrote :
> >
> >> This would be of very limited use. Most 'sender' address used in spam
> >> are random made up addresses used one time only. Sometimes they even
> >> use a different random sender for each recipient. The email address of
> >> the sender of a message is of almost no use in detecting spam.
> >
> >Indeed, I have read through it about six times and, other than blocking faked
> >sender addresses I cannot see what the point is.
> >
> >I get the feeling I am missing some - can someone explain?

--
Pete Naylor