Re: [exim] Heads up?

Pàgina inicial
Delete this message
Reply to this message
Autor: Fred Viles
Data:  
A: exim-users
Assumpte: Re: [exim] Heads up?
On 23 Mar 2005 at 13:50, Marilyn Davis wrote about
    "Re: [exim] Heads up?":


|...
| If the challenge to a spoofed message is sent at SMTP time in the
| acl_smtp_data, doesn't the challenge go to the spoofer and not become
| collateral spam?


No. Doing it at SMTP time means the challenge can be sent to the
envelope-sender address rather than address(es) extracted from the
message headers. But the envelope sender address is no more reliable
than the From: or Reply-To: addresses.

FWIW, if a C/R system *only* sent challenges to envelope senders that
have been verified by one of the schemes to prevent envelope-sender
spoofing (SPF, DK, SES, etc), *then* it would not have the collateral
spam problem. But it wouldn't be very usefull...

- Fred