Re: [exim] Transparently faked domains

Author: Dave Evans
Date:  
To: exim-users
Subject: Re: [exim] Transparently faked domains
On Wed, Nov 21, 2007 at 12:29:27PM +0100, Marcin Krol wrote:
> Received: from oldieszuhause.de ([212.227.100.209]:60637)
> by da2.domeny.com with esmtp (Exim 4.67)
> (envelope-from <s.wyczawski@???>)
>
> Obviously, envelope-from address is faked.


Why do you say it is obvious? It's not obvious to me.

> (snip algorithm to compare reverse DNS to sender's domain name)
>
> Could this work? Pros? Cons?


You might find some mileage in decreasing the spam score if the RDNS does
match the MAIL FROM domain (for fuzzy, hand-waving definition of "match").
Try it and see what works for you.

IIRC this sort of idea has been discussed several times in this list already;
I'm sure if you search the archives you'll find the pros and cons put forward
on those occasions.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
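
The scoring idea in the reply above, sketched as an added example; it is not part of the original message and is not Exim code. All function names, the three-entry suffix set and the sample hosts are hypothetical, and the rDNS name is assumed to have been forward-confirmed already, since a PTR record is set by whoever controls the IP address.

```python
# Added illustration of "lower the spam score when rDNS matches MAIL FROM".
# Every name below is hypothetical; none of this is Exim's own API.

# Constructed stand-in for the Public Suffix List. A real filter should
# consult the full list, otherwise "a.co.uk" and "b.co.uk" look related.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.pl"}


def org_domain(name):
    """Approximate the registrable domain of a host or mail domain."""
    labels = name.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ""
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    if len(labels) < keep:
        return ""  # the name is itself a public suffix, e.g. "co.uk"
    return ".".join(labels[-keep:])


def rdns_matches_sender(rdns_name, mail_from):
    """Fuzzy match: rDNS name and MAIL FROM share a registrable domain."""
    if not rdns_name or "@" not in mail_from:
        return False  # no PTR record, or null sender (<>): no evidence
    sender_domain = mail_from.rsplit("@", 1)[1]
    rdns_org = org_domain(rdns_name)
    return rdns_org != "" and rdns_org == org_domain(sender_domain)


def adjust_score(score, rdns_name, mail_from, bonus=1.0):
    """Subtract a bonus on a match; a mismatch stays neutral because
    plenty of legitimate mail is relayed through a provider's hosts."""
    if rdns_matches_sender(rdns_name, mail_from):
        return score - bonus
    return score


if __name__ == "__main__":
    # Constructed sample connections: (rDNS name, envelope sender).
    samples = [
        ("mail.example.org", "alice@example.org"),   # match
        ("mx1.example.net", "bob@example.org"),      # relayed, no match
        ("mail.example.co.uk", "carol@other.co.uk"), # only suffix shared
        (None, "dave@example.org"),                  # no PTR record
    ]
    for rdns, sender in samples:
        print(rdns, sender, adjust_score(5.0, rdns, sender))
```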