Re: [exim] Heads up?

Top Page
Delete this message
Reply to this message
Author: Marilyn Davis
Date:  
To: Fred Viles
CC: exim-users
Subject: Re: [exim] Heads up?
On Wed, 23 Mar 2005, Fred Viles wrote:

> On 23 Mar 2005 at 13:50, Marilyn Davis wrote about
>     "Re: [exim] Heads up?":

>
> |...
> | If the challenge to a spoofed message is sent at SMTP time in the
> | acl_smtp_data, doesn't the challenge go to the spoofer and not become
> | collateral spam?
>
> No. Doing it at SMTP time means the challenge can be sent to the
> envelope-sender address rather than address(es) extracted from the
> message headers. But the envelope sender address is no more reliable
> than the From: or Reply-To: addresses.


Oh. I guess I'm still not understanding something.

Are you saying that when mail is rejected at smtp time, the error
message can get to a different computer than the one that sent it?

If personal ham mail is rejected at smtp time, and the error message
doesn't make it into the mailbox of the real person who sent it, isn't
the sender's system broken?

>
> FWIW, if a C/R system *only* sent challenges to envelope senders that
> have been verified by one of the schemes to prevent envelope-sender
> spoofing (SPF, DK, SES, etc), *then* it would not have the collateral
> spam problem. But it wouldn't be very usefull...


Hmmmmm. It wouldn't be very useful because???? Because by then, you
should just accept the mail and be confident that it is ham? No,
spammers can register themselves at SPF too.

But I thought I was convinced that SPF isn't useful.

I'm sorry I'm so ignorant. I don't know how to fix it except to
expose my ignorance.

Thank you for helping, Fred.

Marilyn

>
> - Fred
>
>
>
>
>
>


--