Tool for validating sender address as spam-fighting technique?
Marcelo Maraboli
marcelo.maraboli at usm.cl
Mon Mar 12 16:11:41 UTC 2007
John L wrote:
>> I phrased it wrong. You are not responsible for the content, but you
>> are responsible for the mail domain and that includes verifying that
>> mail is validly from your domain you are responsible for.
>
> Oh, OK. So if someone sends pump and dump with a chad at shire.net return
> address, and I do a callback and your MTA says "yup! that's a 100% valid
> address!" then I turn you in to the SEC, rignt? You have now confirmed
> that the mail is from you, after all. Or if you haven't, what purpose
> did the callback serve?
>
> There is some reasonable validation technology coming along, most
> notably DKIM which which I presume you are familiar. But callbacks are
> not it.
>
I agree..... callbacks are not enough, you can reach a
false conclusion, that´s why I use SPF along with callbacks...
on the same message, my MX concludes:
"you are sending email "from chad at shire.net", but shire.net
says YOUR IP address is not allowed to send email on behalf
of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject
regards,
--
MSc. Marcelo Maraboli Rosselott
Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer)
Ingeniero Civil Electronico, CISSP (Electronic Engineer, CISSP, MSc.)
Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria phone: +56 32 2654071
Chile. http://www.usm.cl http://elqui.dcsc.utfsm.cl
More information about the freebsd-questions
mailing list