Matching domain to sender.

Stewart M. Ives ivessm at softecusa.com
Thu Feb 3 16:53:58 GMT 2005 

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

David certainly points out a lot of details that many times get overlooked in
our ever desire to stop spam at the front door and not let it even cross the
door frame and get inside.

You might want to start reading up on milter applications.  milter-ahead and
it's big brother milter-send are excellent programs that function "out in
front" of everything else and stop the mail from crossing the door frame and
getting inside.  They also do a good job of wittling down the amount of spam
you recieve over time.

I have not implemented any of this but am considering it based on the ever
increasing amount of spam we are receiving on a daily basis.

Let us know what you find.  Do a google on "milter" - short for mail filter.

Good luck.

I also am not a super human guru but please don't tell my wife that.

stew



---------- Original Message -----------
From: David Lee <t.d.lee at DURHAM.AC.UK>
To: MAILSCANNER at JISCMAIL.AC.UK
Sent: Wed, 2 Feb 2005 15:12:21 +0000
Subject: Re: Matching domain to sender.

> On Wed, 2 Feb 2005, David Curtis wrote:
>
> > I have not seen this setting and thing that it might prevent a ton of
> > spam. I may be wrong. Just your normal System Adin...no super human
> > traits.
> >
> > Can you run some rule to check the senders ip and or domain name and
> > match that to the mail from address?
> >
> > Thanks for any comments.
>
> It may not be as straightforward as it seems on the surface.
>
> Who is the "sender", what is the domain name?
>
> Example: let's imagine a legitimate mail list to which you and I
> might both belong.  I, "me at mydom.com", send a message to it,
> "list at listdom.com", hosted on machines at an ISP/university/etc.
> "ISP.com".  You receive this mail.  But who has been the "sender"
> from your perspective?
>
> o  The visible "From:" contains my "mydom.com": but that is several
>     steps away from the transaction at your site;
> o  The SMTP machine (probably the list expander) pushing it to you is
>     "something.ISP.com", which bears no direct relation to me (email
>     originator) as "sender";
> o  The envelope "From" contains "owner-list at listdom.com", which doesn't
>     directly trace back to the "ISP.com" DNS names and addresses;
> o  The visible "To:" contains "listdom.com" (which, as a text string,
>     bears no direct relation to your site).
>
> So your "check the senders ip and or domain name and match that to
> the mail from address" becomes non-trivial.
>
> Note that an emerging technology, SPF, is designed to help to
> address the email forgery aspects of the problem if, and as, it
> gains wider acceptance and use.  Indeed, SpamAssassin 3.x is
> beginning to take account of it. By its very nature, it needs time
> to ramp up.  (It has a few "no pain, no gain" implications, but
> that's part of life in these spam-riddled days, and no-one has yet
> come up with a better, and even more widely acceptable, compromise.)
>
> Hope taht helps.
>
> --
>
> :  David Lee                                I.T. Service          :
> :  Senior Systems Programmer                Computer Centre       :
> :                                           University of Durham  :
> :  http://www.dur.ac.uk/t.d.lee/            South Road            :
> :                                           Durham                :
> :  Phone: +44 191 334 2752                  U.K.                  :
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
------- End of Original Message -------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list