[Mimedefang] Checking origin of sender
Ian Mitchell
trash at aftermagic.com
Fri Sep 2 12:36:40 EDT 2005
Ok, I'm, sure this is trivial, and I'm sure I haven't checked into it all
the way. But I had an interesting peice of spam make it past my filters to
get sent into a spam free area of my email app. Just wondering what
options out there I could employ to check for stuff like this. Things like
SenderID, SPF and similar probably wouldn't work because of the method
they employed but any ideas are welcome.
HELO junkmail.com
MAIL FROM: <junk at junkmail.com>
RCTP TO: <unwillingvictim at target.com>
DATA
From: "unwillingvictim at target.com" <junk at junkmail.com>
To: "unwillingvictim at target.com" <unwillingvictim at target.com>
...
Now what's the advantage of the above? It appears to come from the
receiver thus allowing it to be filtered on appropriately. Now as long as
the email doesn't break too many of the litterally thousands of other
rules, it will make it through an appear to be legitimate (at least on the
side of the server).
No email from my domain either in the plain text name portion or the
actual sender email address should orgininate outside my domain's SPF
record. Any suggestions for hunting and destroying these emails?
Thank you,
Ian Mitchell
More information about the MIMEDefang
mailing list