[Greylist-users] Possible Enhancements

Jason 'XenoPhage' Frisvold friz at godshell.com
Mon Jan 24 18:46:09 PST 2005

James J Dempsey wrote:

>There are lots of spam where the from: field lists a valid user on a valid
>host with a valid MX record.  It just happens to be someone whose name has
>been hijacked for this purpose, not the actual spammer.  This is often
>called a Joe-job.

Yeah..  But the general rule of thumb is that you don't trust the From: 
address..  So..  The only way to accomplish this would be to use the IP 
address of the incoming connection.  Reverse lookup, MX, and callback..  
Might be a bit much, but theoretically it shouldn't be a frequent 
operation.  Once a mailserver has "proven" itself, there's no need to 
look it up again...

>In this case, or in cases where the spammer simply uses "From:
>fill-in-the-blank at yahoo.com", this technique would completely  eliminate the
>effectiveness of greylisting.  Unless I'm not understanding your proposal properly.
>                       --Jim Dempsey--
>                         jjd at jjd.com
>                       http://jjd.com/

Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."

More information about the Greylist-users mailing list