Re: A few ideas to discuss about for struggling Spam

From: Darren Pilgrim (postfixbitfreak.org)
Date: Mon Jul 16 2007 - 17:43:29 CDT


mlblas.net wrote:
> I wondered if these 2 principles are applicable in order to fight spam.
> First, I'd like to check the equality between the sender in the envelope
> (MAIL FROM:) and the sender in the headers (From:). They must be
> identical, mustn't they, and if they are not, that means a forgery
> somewhere, no?

There is no required correlation between MAIL FROM and the From: header.
The MAIL FROM is routinely changed in order to work around SPF and
other checks that validate the envelope data against the client (i.e.,
GMail). The From: header is intended for MUA use and is frequently
altered for both legitimate (i.e., mailing lists) and illegitimate
(i.e., joe-jobs) purposes.

> Secondly, I wonder if I'm right when I say that an outbound SMTP must
> also be an MX for the sender domain it comes from. Of course I know they
> are not, in an absolute way, correlated.
> But, in real life, how are they correlated?

In real life, by coincidence. The MX usually also handles outbound
relay when the mail load doesn't warrant the expense of a separate
outbound server. Corporate mail systems often relay through an
ISP-provided server for speed, reliability, RBL dodging, etc. while the
MX host is an in-house server on their static IP. Hobbyist home servers
also tend to relay out through an ISP smarthost to dodge RBLs that
include dynamic IP space, but publish a dynamic-DNS hostname in the MX.
All of these are perfectly valid (though the last is not a good idea).

> In fact, if I set the big ISPs apart (they could be in a static list, a white
> one), the rate of MXs being also outbound SMTP is nearly 100%. So why do
> we need SPF :), this same SPF that never took off?

SPF lets the domain owner explicitly state which hosts are permitted to
send mail from their domain. Correlating outbound servers to MX records
provides no such assurance.

--
Darren Pilgrim
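The two points of the reply, as an added example that is not part of the original thread: the envelope/header equality test proposed in the question, shown passing for a direct message and failing for the same message relayed by a mailing list, next to a minimal SPF evaluation of the kind the reply describes (the domain owner names the permitted senders; the MX is irrelevant). All addresses, IP ranges and the SPF record are constructed placeholders, and the SPF evaluator handles only the DNS-free mechanisms.

```python
# Added example, not from the original thread: the envelope/header equality
# check from the question next to a minimal SPF check of the kind the reply
# describes. Sample addresses, IPs and the SPF record are constructed.
import email
import ipaddress
from email.utils import parseaddr

def bare_address(addr: str) -> str:
    """Lower-cased addr-spec, stripping any display name."""
    return parseaddr(addr)[1].lower()

def envelope_matches_header(mail_from: str, raw_message: str) -> bool:
    """The test proposed in the question: MAIL FROM == From: header."""
    msg = email.message_from_string(raw_message)
    return bare_address(mail_from) == bare_address(msg.get("From", ""))

# Constructed samples: a direct message, and the same message relayed by a
# mailing list, which rewrites MAIL FROM to its bounce address but keeps From:.
DIRECT = ("alice@example.com",
          "From: Alice <alice@example.com>\nSubject: hi\n\nbody\n")
VIA_LIST = ("list-bounces@lists.example.net",
            "From: Alice <alice@example.com>\nSubject: [list] hi\n\nbody\n")

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record: str, client_ip: str) -> str:
    """Evaluate an SPF TXT record against the connecting IP, supporting only
    the DNS-free mechanisms ip4, ip6 and all (mx/a/include need lookups)."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        qual = term[0] if term[0] in SPF_QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return SPF_QUALIFIERS[qual]
        name, _, arg = mech.partition(":")
        if name in ("ip4", "ip6"):
            # A v4 address is never contained in a v6 network, and vice versa.
            if ip in ipaddress.ip_network(arg, strict=False):
                return SPF_QUALIFIERS[qual]
        else:
            raise NotImplementedError(f"{name} requires DNS")
    return "neutral"  # no mechanism matched and no trailing 'all'

# Constructed record: the owner authorizes one outbound block for the domain,
# regardless of which host happens to be published as its MX.
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
```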