OT: Ebay spam got me thinking

Matt Hampton matt at coders.co.uk
Fri May 19 20:01:44 IST 2006


I was thinking last night about some recent Ebay spam that I got and the
thread started by Alex Laslavic ("Rules, and Envelope header forging").

SPF (and domain keys) work well to protect the recipient from forged
envelope.  I was thinking about an extension to this - a policy of
whether a domain emails are ever sent with a different domain in the

This couldn't be just a simple extension of SPF as this would break the
workarounds for the "send this link to a friend" so it needs to be
possible to implement to a least on a per email basis - I was thinking
that you could put something like this

joe.bloggs at bank.com	ALLOW
jane.smith at bank.com	ALLOW
support at bank.com	RESTRICT
support*@bank.com	RESTRICT

In to some form of DNS based lookup.

Any comments (or is there something like this already)?


More information about the MailScanner mailing list