|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: MAIL FROM forged with local (virtual) user address
From: Adrian von Bidder (avbidder
fortytwo.ch)
Date: Thu Jul 28 2005 - 01:55:54 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wednesday 27 July 2005 19.40, Piotr KUCHARSKI wrote:
> On Sat, Jul 23, 2005 at 10:34:23AM -0400, Jorey Bump wrote:
> > Address verification seems risky. Has anyone on the list experienced
> > negative effects (extra load, extra delay, blacklisted due to verifying
> > spamtraps, etc.)?
>
> Not much of that. However one other thing is kind of troublesome:
> sites that send incorrectly configured mails with a from of, say,
> wwwmachine.dom.ain, no smtpd listener on this machine and no MX
> for it.
>
> When such mail is send by automaton (like www forms), it is
> basicly lost.
So?
The degree I'm prepared to bend over backwards to support badly
misconfigured systems that want to send mail to me is severely limited.
Yes, on a high-volume site, with many users etc., it may be that continuous
complains about mail not working make it easier not to do any kind of
sender address verification (or even just rejections on unknown sender
domain etc.), but in principle if people send mail with bogus envelope
senders, they shouldn't expect the system to work properly.
Obviously, just my ¤.02
-- vbi
--
Today is Prickle-Prickle, the 63rd day of Confusion in the YOLD 3171
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
iKcEABECAGcFAkLogXpgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l6dlwAn3U66XkaeBeAYdFdGK2vcy+e
bBmUAKCyOgTH6/VAPVoYQr2EjMx8kUY00g==
=lrlv
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]