-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
"CVR" == Chuq Von Rospach "Re: [Mailman-Developers] FYI -- mailback validations no longer safe?" Sat, 9 Dec 2000 15:20:08 -0800
CVR> Second idea puts the onus on the list admin. There is one
CVR> other identifying piece of info we know about the poster that
CVR> can't be forged. it is the IP address of the machine that
CVR> relays the mail to your MLM machine. All of the OTHER
CVR> received lines can be forged, but the one your server adds to
CVR> tell you who it got the mail from -- the direct connection --
CVR> can't be (or you have bigger problems).Would you unconditionally accept postings received at your list host from a backup MX?
Once the SMTP-relay check is deployed the spammer will just relay through one of the target's MX hosts[1].
Checking back through the trace of backup mx hosts could get messy considering the variations in received header fields, no?
jamFootnotes: [1] I've noticed senders that get rejected by MTA anti-spam measures try a backup MX host shortly thereafter.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: OpenPGP encrypted mail preferred. See <http://www.gnupg.org/>
iEYEARECAAYFAjoy3f4ACgkQUEvv1b/iXy8LPgCdFDtLWwICvI9LJEL+dpmXqnqQ c1wAn1Y5liEbzdKzgj2+n8ZtNm8Pvw9T =mMZC -----END PGP SIGNATURE-----