Benny Pedersen wrote:
> On Mon, December 8, 2008 05:25, [EMAIL PROTECTED] wrote:
>> mouss said:
>
> bug:
> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
> '$To");
>
> fixed line:
> Mail::SpamAssassin::Plugin::dbg("FromInTo: Comparing '$from' and
> '$To'");
>
Thanks!

>> well, I send mail to myself sometimes. The only way that this mail
>> could go is either straight from the mailserver to my inbox
>
> ALL_TRUSTED or NO_RELAYS hits ?
>
>> (if I am logged in), or from my desktop client, via my mailserver,
>> to the inbox.
>
> this should give ALL_TRUSTED
>
>> So it seems to me that any sender claiming to be _me_ would _auth_
>> to the mailserver.
>
> yes
>
But other people may do it differently. Many domains allow their users
to send via ISP/hotel/...
If your domain requires authentication or submission from known systems,
then you can probably block "forgery" without checking the To header.

>> When I implemented this a while ago, some ebay mails violated that,
>> and mails from monster.com. AFAIK, at least ebay has learned that
>> such mails are likely to be caught by various reasons (DKIM?)

I think they got blocked by a "reject mail from stranger claiming to be
mine" policy, and SPF may have finished convincing them. Now I don't
know if others still use this practice (sending "on behalf" of a user).
>
> DKIM is not a blacklister, but a whitelist based on whether the sender
> really uses the monster.com MTA mail server or not :)
>
indeed.
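
The check discussed in this thread, as an added example that is not part of the original messages and is not the FromInTo plugin itself: a minimal SpamAssassin eval plugin that fires when a From address is also a recipient, combined with a meta rule that exempts mail seen only by trusted relays (ALL_TRUSTED) or by no relays at all (NO_RELAYS). The package name, rule names, file path and score are hypothetical.

```perl
package FromInToExample;   # hypothetical name, not the plugin from the thread
use strict;
use warnings;
use Mail::SpamAssassin::Plugin;
our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
    my ($class, $mailsa) = @_;
    $class = ref($class) || $class;
    my $self = $class->SUPER::new($mailsa);
    bless($self, $class);
    $self->register_eval_rule('check_from_in_to_example');
    return $self;
}

# Returns 1 when any From: address also appears among the recipient
# addresses SpamAssassin collects (To, Cc and delivery headers such as
# Delivered-To), compared case-insensitively.
sub check_from_in_to_example {
    my ($self, $pms) = @_;
    my %rcpt = map { lc($_) => 1 } grep { defined $_ && $_ ne '' }
               $pms->all_to_addrs();
    foreach my $from ($pms->all_from_addrs()) {
        next unless defined $from && $from ne '';
        if ($rcpt{ lc $from }) {
            Mail::SpamAssassin::Plugin::dbg(
                "FromInToExample: '$from' is also a recipient");
            return 1;
        }
    }
    return 0;
}

1;

# Matching local.cf lines (path and score are assumptions):
#
#   loadplugin FromInToExample /etc/mail/spamassassin/FromInToExample.pm
#   header   __FROM_IN_TO_EX       eval:check_from_in_to_example()
#   meta     FROM_IN_TO_UNTRUSTED  (__FROM_IN_TO_EX && !ALL_TRUSTED && !NO_RELAYS)
#   describe FROM_IN_TO_UNTRUSTED  Sender is also a recipient, untrusted relay seen
#   score    FROM_IN_TO_UNTRUSTED  0.5
#
# ALL_TRUSTED only hits when trusted_networks/internal_networks describe
# your own relays correctly; otherwise mail you send to yourself through
# your own server is scored like outside mail claiming your address.
```

Domains whose users legitimately send through outside systems, as noted above, will see the meta rule hit on that mail, so keep the score low until the hits have been reviewed.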