RBL checks

Matt Kettler mkettler at EVI-INC.COM
Tue Nov 26 19:13:10 GMT 2002


Julian, you do realize this is about blacklists right?

Checking blacklists (ie: orbs, SBL, etc) back to arbitrary depth (excluding
the originating IP if the blacklist contains a DUL) is not a risk. All the
spammer can gain by forging an IP is getting themselves blacklisted... and
as far as I'm concerned, they can help themselves to all the blacklisting
they want.

Now whitelist checking, ie: bondedsender, etc, needs to only be done on
trusted headers.. because there the spammer can do what you suggest.

At 06:37 PM 11/26/2002 +0000, Julian Field wrote:
>No. The only way to do that is to try and parse it out of the headers, and
>it is trivial for spammers to fake (I'm surprised how few do at the
>moment). All they need do is directly attack your mail server making the
>mail appear to come from somewhere safe and you will let it all in.



More information about the MailScanner mailing list