Re: [exim] Feature Needed - Main_domain

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Richard Clayton
Ημερομηνία:  
Προς: Marc Perkel
Υ/ο: exim-users
Αντικείμενο: Re: [exim] Feature Needed - Main_domain
In message <432EECC5.3000601@???>, Marc Perkel <marc@???>
writes

>>I obviously missed it... but what is the purpose of this discussion?
>>
>>If for example you were considering sending an abuse email, then Demon
>>would prefer it to be sent abuse@??? !
>>
>Several reasons - possibly the one you mentioned.


There are mechanisms for locating the appropriate abuse@ email address
which already exist -- and they do NOT work this way

They start from the connecting IP address and not from any domain or
host name -- for reasons, in a world in which forgery is rife, which
ought to be entirely obvious

If you only have a domain name to hand (such as for an advertised
website) then you resolve that (carefully!) and then proceed on the
basis that you have an IP address

>But I'm thinking about
>comparing the main domain pary of the $sender_address_domain to the
>received lines to see if there is a match.


Then you are wasting your time and ours

You might usefully read Joshua Goodman's CEAS 2004 paper "IP Addresses
in Email Clients" <URL:http://research.microsoft.com/~joshuago/ipaddres
sesinclients-final.pdf> to see the sort of difficulties that arise when
you start looking at Received lines which you did not add in order to
assess their veracity.

>One problem I'm having is
>something like this:
>
>The sender is autoresponse@???
>But the sending server in the received lines is accounting.paypal.com
>
>So - I want to grab just the "paypal.com" part can see if I can find
>that in the received lines. It's part of my anti-phishing code. The idea
>being that email from paypal.com will come from paypay servers somewhere
>in received.


it's a fine idea, but I note that Paypal make no such promise:

FAQ: "How can I tell the difference between a real PayPal email and a
fake one?" <URL:http://www.paypal.com/cgi-bin/webscr?cmd=_help-
ext&eloc=31&loc=5&unique_id=609971>

- -- 
richard                                              Richard Clayton


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin