[Mimedefang] New spammer trick?

Joseph Brennan brennan at columbia.edu
Tue Nov 25 12:41:25 EST 2003

> The other thing I see a lot of is spam from faked aol.com and yahoo.com
> addresses. I can tell by looking at the headers that a message from
> blah at aol.com that's relayed via ES152093.user.veloxzone.com.br is
> obviously forged, but does anyone have a definitive list of _outgoing_
> MTAs used by the likes of aol and yahoo? It would cut down enormously
> the amount of time I spend looking through quarantine notifications if I
> could simply do a check for something like
> if ( $Sender =~ /aol\.com$/ and ($Relay !~ /aol\.com$/ and $Relay !~
> /my\.backup\.mx$/) ) { return("REJECT","blah"); }

You'd be enforcing something unexpected, that mail with aol.com
in the From line may only be sent via AOL's service, etc.  You'd
be prohibiting them from sending mail with any other software
with their aol.com address in the From.  You might also be
prohibiting mail sent via some sorts of mailing lists and
group discussion thingies.

That said, I've heard a rumor that AOL is enforcing exactly this,
rejecting mail from outside that claims to be from an aol.com
address.  If that flies, then the rest of us could consider it.

Joseph Brennan         Columbia University in the City of New York
Academic Technologies Group                   brennan at columbia.edu
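
The check proposed in the quoted message, and the legitimate mail it would turn away as described in the reply, shown as an added example that is not part of the original post. It is written as a MIMEDefang `filter_sender` in Perl; the relay table, the IP addresses and every hostname except the veloxzone one quoted above are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: sender domain => relay hostname suffixes accepted for it.
# The backup MX is listed because mail it forwards arrives from that host.
my %allowed_relays = (
    'aol.com' => [ 'aol.com', 'my.backup.mx' ],
);

# Same argument order MIMEDefang passes to filter_sender.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;

    # The envelope sender arrives wrapped in angle brackets.
    (my $addr = lc $sender) =~ s/^<|>$//g;
    my ($domain) = $addr =~ /\@([^@]+)$/;
    return ('CONTINUE', 'ok') unless defined $domain;    # null sender <>

    my $suffixes = $allowed_relays{$domain}
        or return ('CONTINUE', 'ok');                    # domain not policed

    for my $suffix (@$suffixes) {
        # Match on a label boundary so "notaol.com" does not pass as aol.com.
        return ('CONTINUE', 'ok')
            if lc($hostname) =~ /(?:^|\.)\Q$suffix\E$/;
    }
    return ('REJECT', "Mail from $domain is not accepted via $hostname");
}

# Constructed cases: [ sender, relay IP, relay hostname, HELO, note ].
my @cases = (
    [ '<blah@aol.com>', '192.0.2.10', 'ES152093.user.veloxzone.com.br', 'x',
      'forged sender from the quoted message' ],
    [ '<blah@aol.com>', '192.0.2.20', 'mx-out.aol.com', 'mx-out.aol.com',
      'sent through an aol.com relay' ],
    [ '<blah@aol.com>', '192.0.2.30', 'forwarder.example.edu', 'forwarder',
      'real AOL mail re-sent by a forwarding address' ],
    [ '<blah@aol.com>', '192.0.2.40', 'smtp.example.net', 'smtp',
      'AOL address used with other mail software' ],
    [ '<>',             '192.0.2.50', 'mail.example.org', 'mail',
      'bounce with null sender' ],
);

for my $c (@cases) {
    my ($action) = filter_sender(@{$c}[0 .. 3]);
    printf "%-8s %-16s via %-32s (%s)\n", $action, @{$c}[0, 2, 4];
}
```

The third and fourth cases are rejected even though the sender is genuine, which is the cost the reply points out. The hostname test is also only as trustworthy as the reverse DNS lookup that produced it.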

