Gino Cerullo writes: > part 1.2 text/plain 1027 > On 30-Aug-06, at 1:10 PM, Michael Grey wrote: > > > Are there any SA methods that allow verification of the sender of > > an email ? > > > > I am aware of SPF which can confirm that a host at ip address > > x.x.x.x is authorized to send mail as from domain A, but how > > about a means to confirm that [EMAIL PROTECTED] actually is a > > real user before accepting mail from him ? > > > I don't believe SA can do that as it's a content filter. Some MTAs > can do this and this is were you want those kinds of verifications to > happen, before DATA. The problem is that if you do it for every > address you will get false positives, especially from sources like > mailing lists, news & info subscriptions, etc., and you'll find > yourself whitelisting alot. > > I actually do this using Postfix but I use a table of 'frequently > forged domains' whose addresses are verified before they are allowed > to pass on to the content filters.
It's also worth noting that doing this is counterproductive in an overall strategy sense, since it drives the spammers to simply use known-valid third-party addresses -- such as random addrs from their target address list -- as the forged source of the spam. The end result for us end users, is a massive increase in "spam blowback", which is what we've seen since those MTAs implemented it. :( --j.
