I agree so strongly about not checking against all IPs in the header that I'll probably turn down business from large anti-spam vendors who cannot guarantee in writing that ivmSIP and ivmSIP/24 will ONLY be checked against the actual sending IP. If this means I lose 4-5 figures in annual revenue from future vendors, so be it. (And I don't think any of my current largest subscribers are doing this.)
There is a better system. Work to find ways to better know which headers are forwarders, ignore them, and grab the original sender's 'mta' IP from THAT received header. (Not the IP of the workstation which originated the e-mail, but the mail server IP that officially sent the message on behalf of the sender, but before any other forwarding.) This "surgeon's scalpel" approach is not always as easy as the alternative sledgehammer approach, but it is worth the effort. Certain large anti-spam appliance vendors have no excuse for not making this extra effort... and I've seen some egregious FPs (for example... hand-typed messages from an attorney to their client, sent from an IP which doesn't ever send spam) recently caused by such appliances which check all IPs in the header against blacklists.

--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
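One way to implement the header walk described above, as an added example that is not part of the original post: it skips hops whose connecting IP belongs to a known forwarder and returns only the sending MTA's IP for the blacklist lookup. The `FORWARDERS` networks, the sample message and the `dnsbl.example` zone are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: networks of relays we trust to write honest Received headers
# (known forwarders). Documentation ranges stand in for real ones.
FORWARDERS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def connecting_ip(received):
    """IP of the host that handed the message over, from one Received header."""
    from_clause = re.split(r"(?:^|\s)by\s", " ".join(received.split()), maxsplit=1)[0]
    match = BRACKETED_IP.search(from_clause)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None

def sending_mta_ip(raw_message):
    """Walk Received headers newest-first, skipping forwarder hops."""
    for received in message_from_string(raw_message).get_all("Received", []):
        ip = connecting_ip(received)
        if ip is None or any(ip in net for net in FORWARDERS):
            continue  # internal or forwarder hop: look one header further down
        return ip  # first non-forwarder hop; older headers are never read
    return None

def every_header_ip(raw_message):
    """The check-every-IP behaviour, for comparison only."""
    headers = message_from_string(raw_message).get_all("Received", [])
    return [ip for ip in map(connecting_ip, headers) if ip is not None]

def dnsbl_query_name(ip, zone="dnsbl.example"):  # placeholder zone
    """IPv4 DNSBL lookup name: reversed octets followed by the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

# Constructed sample: workstation -> sender's MTA -> forwarder -> our MX.
SAMPLE = (
    "Received: from fwd.forwarder.example (fwd.forwarder.example [192.0.2.10])\n"
    "\tby mx.recipient.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:03 +0000\n"
    "Received: from mail.lawfirm.example (mail.lawfirm.example [203.0.113.7])\n"
    "\tby fwd.forwarder.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from desktop (dsl-host.isp.example [198.18.5.44])\n"
    "\tby mail.lawfirm.example with ESMTPSA id C3; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "Subject: constructed sample\n\nBody\n"
)

if __name__ == "__main__":
    print(dnsbl_query_name(sending_mta_ip(SAMPLE)), every_header_ip(SAMPLE))
```

The walk is only as good as the forwarder list: a forwarder missing from it is treated as the sender, and headers below the first non-forwarder hop are ignored because the sending side could have written anything there.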