Or a spammers adds a Received line that makes it appears as if the message was relayed through bondedsender.com. Easily done. To the best of my knowledge, I think DNSBl lookups are only done on the IP communicating with your MTA. That's what I've always experienced with the DNSBls I use from Sendmail. SA could very well look back through a couple Received lines though. Can't say for certain. Seems unlikely to me though.
Justin On Thu, 17 Oct 2002, Matt Kettler wrote: > Bonded sender isn't a header, it's a DNS whitelist. So bonded sender lists > the IP addresses of mailservers and SA checks the IPs in the received-from > headers. I'm not sure how far back SA goes, but it presumably only checks > the most recent few received-from headers, which makes it hard to spoof > unless you find a server in bonded sender which is an open relay. > > At 12:38 PM 10/17/2002 -0400, Mike Schrauder wrote: > >Thanks Chris and John. This address recieves 0 legit mail. I only kept > >it around for testing SA. But in truth, it is CNET mail that looks like > >legit opt-in email. Might just be a legit glitch in CNETs db. I had not > >heard of bondedsender.com. Thanks for the info. How do they prevent > >spammers from spoofing bonded sender headers? Thanks. > > > >Mike Schrauder ------------------------------------------------------- This sf.net email is sponsored by: viaVerio will pay you up to $1,000 for every account that you consolidate with us. http://ad.doubleclick.net/clk;4749864;7604308;v? http://www.viaverio.com/consolidator/osdn.cfm _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
