On 02/09, Kris Deugau wrote:
> Spammer mail originates from 10.0.0.2 (static IP assigned by ISP).
>
> PTR record is 2.0.0.10.in-addr.arpa -> exchange.smallbusiness.com
>
> 2.0.0.10.mtx.exchange.smallbusiness.com -> 127.0.0.1 because this is the
> recognized designated outbound relay for Small Business's legitimate
> mail, and they've followed your proposal.
>
> How is the spam to be *not* considered a legitimate sender in this case?
> Even if the Exchange server isn't actually processing the email, its
> public IP will still be the originating IP of the message.

Blacklist the validating domain smallbusiness.com. Reject all email that has a *.mtx.*.smallbusiness.com record. Just as you would blacklist the sending IP for spamming.

As with SPF, I expect this to be quite a lot easier than maintaining a blacklist of spamming IPs. If I'm wrong on that one point, this is useless.

Would you still like more detail on what pieces of information I'm looking at, and where I'm getting them from?

--
"Anarchy is based on the observation that since few are fit to rule themselves, even fewer are fit to rule others." -Edward Abbey
http://www.ChaosReigns.com
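
The domain-level check discussed in this exchange, as an added example that is not part of the original message or of any MTX implementation. It assumes the lookup name format shown in the quoted example (reversed IPv4 octets, then "mtx", then the PTR hostname) and that only a 127.0.0.1 answer counts as vouching; the function names and the in-memory DNS tables are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample data standing in for DNS answers (not a real zone).
SAMPLE_PTR = {"10.0.0.2": "exchange.smallbusiness.com"}
SAMPLE_A = {"2.0.0.10.mtx.exchange.smallbusiness.com": "127.0.0.1"}


def mtx_name(ip, ptr_host):
    """Build the lookup name: reversed IPv4 octets + '.mtx.' + PTR hostname."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".mtx." + ptr_host.rstrip(".").lower()


def domain_blacklisted(host, blacklist):
    """True if host equals, or is a subdomain of, a blacklisted domain.

    Matching on a leading dot keeps 'notsmallbusiness.com' from being
    caught by an entry for 'smallbusiness.com'.
    """
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in blacklist)


def evaluate(ip, blacklist, ptr=SAMPLE_PTR, a=SAMPLE_A):
    """Return 'reject', 'accept' or 'unknown' for a connecting IP."""
    host = ptr.get(ip)
    if host is None:
        return "unknown"  # no PTR, so there is no MTX name to look up
    if a.get(mtx_name(ip, host)) != "127.0.0.1":
        return "unknown"  # assumption: anything else means no vouching
    if domain_blacklisted(host, blacklist):
        return "reject"   # vouched for by a domain that has been blacklisted
    return "accept"


if __name__ == "__main__":
    print(evaluate("10.0.0.2", set()))
    print(evaluate("10.0.0.2", {"smallbusiness.com"}))
```
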