[Mimedefang] Checking origin of sender

Matthew.van.Eerde at hbinc.com Matthew.van.Eerde at hbinc.com
Fri Sep 2 13:41:42 EDT 2005


Ian Mitchell wrote:
> HELO junkmail.com
> MAIL FROM: <junk at junkmail.com>
> RCTP TO: <unwillingvictim at target.com>
> DATA
> From: "unwillingvictim at target.com" <junk at junkmail.com>
> To: "unwillingvictim at target.com" <unwillingvictim at target.com>
> ...

And presumably your server adds
Return-Path: junk at junkmail.com

> Now what's the advantage of the above? It appears to come from the
> receiver thus allowing it to be filtered on appropriately. Now as
> long as the email doesn't break too many of the litterally thousands
> of other rules, it will make it through an appear to be legitimate
> (at least on the side of the server).
> 
> No email from my domain either in the plain text name portion or the
> actual sender email address should orgininate outside my domain's SPF
> record. Any suggestions for hunting and destroying these emails?

I work on a site that has an "email this to a friend" feature... the above is more or less EXACTLY how I implement that.  How would you suggest I do it so that you could send something to yourself?  Or someone else could send something to you?

HELO myserver.mydomain.example.com
MAIL FROM: <sender at mydomain.example.com>
RCPT TO: <theirfriend at yournetwork.example.org>
DATA

From: "well-meaning-person at theirnetwork.example.info" <sender at mydomain.example.com>
To: "theirfriend at yournetwork.com" <theirfriend at yournetwork.com>
Sender: <sender at mydomain.example.com>

And your server adds
Return-Path: sender at mysite.example.com

My SPF record does include myserver.mydomain.example.com

-- 
Matthew.van.Eerde (at) hbinc.com               805.964.4554 x902
Hispanic Business Inc./HireDiversity.com       Software Engineer




More information about the MIMEDefang mailing list