On Mon, 4 Jun 2012, Matt Simerson wrote: > > On Jun 4, 2012, at 9:26 AM, Charlie Brady wrote: > > > On Sat, 2 Jun 2012, Matt Simerson wrote: > > > >> Is it a good idea to validate that the MAIL FROM address is the same as > >> the From: header in the message? ... > > Also wouldn't work well for mailing list messages. > > Aye, good one. > > Exception #1: mailing lists > > I should be able to detect mailing lists though. For example, this list > has a Mail-List header.
You mean Mailing-List. Other mailing lists have different headers - e.g. LKML has X-Mailing-List. Others may have none. > I'd expect that most lists would similarly mark up the message. Is "similarly" good enough? Are you going to enumerate all the variations? > I don't anticipate using From validation as a condition for rejection, > but if you aren't a mailing list, and you aren't ( OTHER EXCEPTIONS > HERE), then I might want to ding your karma for having a forged From > header. Maybe. > In addition to whatever value it might have for Bayesian filters, it may > be useful to always add an X-From: header, so that diagnosing email > problems like my client with the forged From: header would be easier. I > had to grep through his server logs to see how the spammer bypassed the > SPF and SA tests. (SA only sees From: and SPF only uses MAIL FROM). > > I wonder if X-Rcpt-To should be similarly added. Consult RFCs before you mess with any headers. > Has this been done before? Should it be? > > Matt
