Charles Cazabon wrote:
> >After going and looking at these, I'd say stay far, far away from them.
> >Based on the example regular expression file the author claims to use, it
> >appears the author knows little about SMTP or RFC822. In Dan's words,
> >something like this would "bounce a huge amount of legitimate mail and a
> >moderate amount of spam".
Eric Pretorious <[EMAIL PROTECTED]> wrote:
> From the Web site www.flame.org/qmail/:
>
> >Incoming MAIL FROM: addresses are verified to be returnable by requiring an
> >MX or A record for the host given.
>
> Is there a method to verify that the "From:" field contains a working
> address before accepting the message? (I've heard of this approach
> somewhere...)
I believe the author is referring to the envelope sender when he says "MAIL
FROM: addresses", not the contents of any possible From: header. His lack of
clear terminology is one of the things that reduces my confidence in those
patches.
But to answer your question: verifying the contents of a "From:" header
buys you nothing. A message doesn't even have to contain such a header
(in practice; the RFC may require it). Verifying the envelope recipient
buys you little or nothing; most spam uses a valid domain in the envelope
sender. In fact, "verifying" the sender is impossible; the only way to
truly verify an email address is to send mail to it, and then phone the
recipient to see if they got it (i.e. a reply might be lost).
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
