> [A side note - many systems are now moving to "MX record > verification". If you send mail from "[EMAIL PROTECTED]" using your local > server, it won't arrive at its destination from the "correct" server, > i.e., one listed as being an official mail exchanger for inwind.it. > This would be rejected. We are looking at adding this type of > filtering to our system, because it would mean those thousands of > spammers who claim HOTMAIL.COM accounts would only get through if it > came from a HOTMAIL.COM server...]
Be prepared to bounce a huge amount of legit mail if you do that, including just about everyone who has their own domain or travels or has a split mail server setup. Either that or make sure tha you only do that for yahoo/hotmail/eudoramail/etc that are known problems. For example. soroos.net (my family domain) has an inbound mx where we get our mail. My mail goes out from my linux box at home, attbi when I'm at my gf's house, my office's outbound mail machine when I'm at work, and speakeasy when I'm on the road. My parents go through earthlink. None of these are the inbound mx machines for this domain. But It's all legit traffic. My office has 2 outbound mail servers and several inbound ones for the domains we host. You'd block all of those. You'd block our customers, who send through their ISP's mailserver and collect mail from us. And again, it's all legit traffic. A better approach would be to have spamassassin look for forged headers or message id's added by a relay. eric
