[Mailman-Users] Spam filtering

[Mark Sapiro]

Stephen J. Turnbull wrote:

>Geoff Shang writes:
>
> > 2.  One idea I came up with for rejecting spoofed mail is for the 
> > receiving SMTP server to somehow check if the sending one is an MX for the 
> > domain given in the From header.  Are there any obvious problems with this 
> > approach?  Is anyone actually doing this?  It seems so simple that there 
> > surely must be some reason why it's not done.
>
>It is being done, although not via the MX for the reasons Larry Stone
>gives.  What you're looking for is call "SPF" or "DKIM" (these are
>actually two different protocols, and I think with the standardization
>of DKIM, SPF is probably dead).  The way DKIM works is that hosts
>authorized to send mail from a domain are given special resource
>records in their DNS which provide a public key, and then some portion
>of the mail and/or headers is signed with an appropriate private key.


There are still sites that check SPF and will reject mail for an SPF
hardfail.

Note, if you run SpamAssassin, there is a Botnet module[1] available
that will check the MTA that delivered to the trusted local network
has full circle DNS and a host name that doesn't look like a 'home
network' name.

[1] <http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar>

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan