At 03:05 PM 2/9/2004, Charles Gregory wrote:
>Along a similar line, is there any way to cross-check the 'from' address
>against the 'received' headers so that in cases where they don't match, we
>can perhaps decide not to 'bounce' the mail if it is undeliverable?
Check out
http://spf.pobox.com/ - it actually works on the envelope sender,
not the From: header, but since that's where bounces should go, it should
do the trick - once it's widely adopted.
Basically, the owner of a domain name adds a DNS record indicating what
servers are allowed to send legitimate mail using their name. Then the
receiving mail server checks to make sure the system contacting it is on
the approved list. Dealing with forwarders gets a bit complicated, but
there are some high-profile sites already testing it out, like AOL,
gnu.org, etc.
SpamAssassin support for SPF is in the works for 2.70.
Kelson Vibber
SpeedGate Communications <www.speed.net>