[Mimedefang] Limiting the floodgates

[Ian Mitchell]

Ok, when running a domain one must have certian email addresses that are
just unavoidable, perhaps the technical contact email for your DNS
provider? Ones which can be scooped up through email harvesting. While I
know this technique is old, I think I've thought up an idea on how to
combat it.

A lot of people have asked how to check if an email comes from a certian
person for certian recipients. But my question is can I have some way to
do an nslookup for the MX record of an intended recipient.

For example, say I have an email address of amazon at mydomain.com that I
know is specifically for purchases through amazon. My appologize for the
person who uses amazon at mydomain.com since it will likely get scooped from
this. The goal is to have an inbound email know that email for that
address is specifically allowed only from amazon and to do DNS query for
amazon's authorized email servers. If it's not originating from that
point, it's denied.

I know that this sounds a little like SPF, and it is very similar, it's
just more restrictive and would be intended to be used on very specific
accounts.

Any thoughts on this as a good idea or bad idea? I'm thinking some sort of
conf file that contains a mapping of authorized inbound connection and the
recipeint address and then a function that can do the look up and compair
with what's allowed. Don't figure it'd be too difficult.

The only thing I can figure that makes me questionable is that the
outbound email server for a company does not nessassarily have to have an
MX record in DNS, so detecting if it's legit could be difficult.