Matching domain to sender.

David Lee t.d.lee at DURHAM.AC.UK
Wed Feb 2 15:12:21 GMT 2005


On Wed, 2 Feb 2005, David Curtis wrote:

> I have not seen this setting and think that it might prevent a ton of
> spam. I may be wrong. Just your normal System Admin...no super human
> traits.
>
> Can you run some rule to check the senders ip and or domain name and
> match that to the mail from address?
>
> Thanks for any comments.

It may not be as straightforward as it seems on the surface.

Who is the "sender", what is the domain name?

Example: let's imagine a legitimate mail list to which you and I might
both belong.  I, "me at mydom.com", send a message to it, "list at listdom.com",
hosted on machines at an ISP/university/etc. "ISP.com".  You receive this
mail.  But who has been the "sender" from your perspective?

o  The visible "From:" contains my "mydom.com": but that is several
    steps away from the transaction at your site;
o  The SMTP machine (probably the list expander) pushing it to you is
    "something.ISP.com", which bears no direct relation to me (email
    originator) as "sender";
o  The envelope "From" contains "owner-list at listdom.com", which doesn't
    directly trace back to the "ISP.com" DNS names and addresses;
o  The visible "To:" contains "listdom.com" (which, as a text string,
    bears no direct relation to your site).

So your "check the senders ip and or domain name and match that to the
mail from address" becomes non-trivial.

Note that an emerging technology, SPF, is designed to help to address the
email forgery aspects of the problem if, and as, it gains wider acceptance
and use.  Indeed, SpamAssassin 3.x is beginning to take account of it.
By its very nature, it needs time to ramp up.  (It has a few "no pain, no
gain" implications, but that's part of life in these spam-riddled days,
and no-one has yet come up with a better, and even more widely acceptable,
compromise.)

Hope that helps.


--

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
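
The four "sender" identities from the mail-list scenario above, as an added example that is not part of the original post. The IP addresses, the session record and the SPF table are constructed for illustration; the table stands in for the DNS TXT records that real SPF consults and models only plain address ranges.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the list message from the post, as the recipient gets it.
RAW = """\
From: me@mydom.com
To: list@listdom.com
Subject: hello list

body
"""
# Constructed SMTP-transaction facts seen by the receiving MTA.
SESSION = {"client_ip": "192.0.2.25", "client_host": "something.ISP.com",
           "mail_from": "owner-list@listdom.com"}
# Constructed stand-in for published SPF policies (domain -> permitted ranges).
SPF = {"listdom.com": ["192.0.2.0/24"], "mydom.com": ["198.51.100.7/32"]}

def domain(addr):
    """Lower-cased domain part of an address."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def identities(raw, session):
    """Collect the candidate 'sender' domains listed in the post."""
    msg = message_from_string(raw)
    return {"header_from": domain(msg["From"]),
            "header_to": domain(msg["To"]),
            "envelope_from": domain(session["mail_from"]),
            "client_host": session["client_host"].lower()}

def naive_match(ids):
    """The rule asked about: sending host must belong to the From: domain."""
    host, dom = ids["client_host"], ids["header_from"]
    return host == dom or host.endswith("." + dom)

def spf_like(dom, client_ip, table=SPF):
    """SPF-style check: is client_ip authorised to send for this domain?"""
    nets = table.get(dom)
    if nets is None:
        return "none"  # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"

if __name__ == "__main__":
    ids = identities(RAW, SESSION)
    print(ids)
    print("naive From:/host match:", naive_match(ids))
    print("SPF on envelope sender:", spf_like(ids["envelope_from"], SESSION["client_ip"]))
    print("SPF on header From:", spf_like(ids["header_from"], SESSION["client_ip"]))
```

The naive rule rejects this legitimate list mail, while the check keyed on the envelope sender accepts it; applying the same check to the visible "From:" domain would fail it again.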