OT: Ebay spam got me thinking
Matt Hampton
matt at coders.co.uk
Fri May 19 20:01:44 IST 2006
Evening
I was thinking last night about some recent Ebay spam that I got and the
thread started by Alex Laslavic ("Rules, and Envelope header forging").
SPF (and domain keys) work well to protect the recipient from forged
envelope. I was thinking about an extension to this - a policy of
whether a domain emails are ever sent with a different domain in the
envelope.
This couldn't be just a simple extension of SPF as this would break the
workarounds for the "send this link to a friend" so it needs to be
possible to implement to a least on a per email basis - I was thinking
that you could put something like this
joe.bloggs at bank.com ALLOW
jane.smith at bank.com ALLOW
support at bank.com RESTRICT
support*@bank.com RESTRICT
In to some form of DNS based lookup.
Any comments (or is there something like this already)?
matt
More information about the MailScanner
mailing list