I'm reasonably sure that user@ip makes a valid address, but even if it is I don't think I've ever observed it anywhere.
I'm certain that double @ format you mention is invalid unless one of the @'s is inside of quotation marks or parenthesis. e.g.: "Ihave@inMyUsername"@somewhere.com or MyUsername(Ihave@inAComment)@somewhere.com. If you're literally seeing user@domain@ip then I think you could safely reject that simply for having a malformed from: address.
I wouldn't hesitate to reject a message for either reason...but I may tend to shoot first and question later.
I have a brief question. I'll provide my setup though isn't applicable. I'm using SpamAssassin version 3.3.1, on FreeBSD 8.1-RELEASE I'm using Sendmail for my MTA I'm using Procmail for my local My question is: The SMTP protocol allows a return address to be '<u...@ip-address.com>' and 'u...@ip-address.com' and some other variations, I'll assume. My background knows that nearly _all_ mail when transferred uses 'u...@domain-name.com' or '<u...@domain-name.com>' This AM I was researching an email (spam) that I received and the actual (hard-core) email-header and noticed they're using something similar to: "user@some-domain@ip-address" and it's getting through. My _real_ question is: Can't I simply blacklist all/any emails that arrive where they're using 'user@ip-address' - while that's a rhetorical question, (I know I can) but I'm looking for feedback as to why this would not be a good idea. ANY respectable/legitimate MTA uses their domain-name as the latter part of the return address, correct? Feedback is more what I'm looking for on my question versus an answer to 'can I?' do this. I will not care if there is that small percentage of MTA's that are/do legitimately send using the IP address method. (Another discussion, perhaps?) If this is logical, how would I enter that in my local.cf ?? ' blacklist_from @"[0..255].[0..255] .[0..255] .[0..255]" (With/WithOUT quotes?) ...or is the REALLY a very bad idea? Thanks so much for your assistance in advance.
