Re: [exim] Heads up?

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M.MMarc Sherman at <-
M\M\Marilyn Davis at ->
Delete this message
Reply to this message
Author: Fred Viles
Date:  
To: exim-users
Subject: Re: [exim] Heads up?
On 23 Mar 2005 at 13:50, Marilyn Davis wrote about
    "Re: [exim] Heads up?":


|...
| If the challenge to a spoofed message is sent at SMTP time in the
| acl_smtp_data, doesn't the challenge go to the spoofer and not become
| collateral spam?

No. Doing it at SMTP time means the challenge can be sent to the
envelope-sender address rather than address(es) extracted from the
message headers. But the envelope sender address is no more reliable
than the From: or Reply-To: addresses.

FWIW, if a C/R system *only* sent challenges to envelope senders that
have been verified by one of the schemes to prevent envelope-sender
spoofing (SPF, DK, SES, etc), *then* it would not have the collateral
spam problem. But it wouldn't be very usefull...

- Fred






This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Heads up?Re: [exim] DNSBLs->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)