Author: Ian Eiloart Date: To: Renaud Allard, Odhiambo Washington, exim-users Subject: Re: [exim] spammers have beat me to the game!
--On 4 July 2006 20:54:37 +0200 Renaud Allard <renaud@???> wrote:
> There is nothing in those headers that suggests they have been
> authenticated on your servers. They _may_ have been authenticated at
> 204.9.186.196 (Florida), but nothing 100% sure.
> Anyway, you should request that everything coming from
> something@yourdomain is either authenticated, either coming from a
> trusted or known IP. Many will suggest this is like SPF, and it is a
> little bit true, but I think this is an acceptable drawback for your own
> domains.
>
Yes, we require that email from our domain has been through our servers -
either authenticated or from a dwindling set of local hosts. We have had a
few problems with external web services trying to use our domain, but in
general the service providers have relented and fixed the problem.
We stamp outgoing mail with a trivial header, so that external list
expanders don't screw things up for local subscribers. We could use some
clever hashing mechanism, but haven't seen the need yet.
So, there are three ways to send email from our domain to a local user:
authenticate against our ldap server, use a local host to send the email
through our server, or add the header.
It works so well that I filter mail from our domains into a spam free
mailbox - which is great for ensuring that my bosses' mail doesn't get lost
in spam.
