How to detect forged From and Reply-to addresses from your own domain

[Mark Sapiro]

On 11:59 AM, Daniel Straka wrote:
> Jules,
> 
> This is working quite well on the MailScanner server that only
> receives messages. What might be the drawbacks to leaving this rule
> in place? I haven't seen any FP's yet and it's marked a thousand
> messages as spam already. If there's not really any drawbacks...would
> there be a similar rule for a MailScanner server that receives and
> sends mail for our domain?


For drawbacks to Jules' suggestion (possibly to the whole idea),
consider the following:

You are my employer.

I set up a pop3 or imap account on my MUA at home to access my work mail.

My ISP redirects all port 25 connects to its own servers so even if I
know what I'm doing, I can't use your MTA for my outgoing mail for this
account.

Now, all my replies from home to my co-workers will be seen as spam
because they are From: my work address, but the sending MTA is my home ISP.

The same problem exists if SPF is used.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan