[Greylist-users] Possible Enhancements
Jason 'XenoPhage' Frisvold
friz at godshell.com
Mon Jan 24 18:46:09 PST 2005
James J Dempsey wrote:
>There are lots of spam where the from: field lists a valid user on a valid
>host with a valid MX record. It just happens to be someone whose name has
>been hijacked for this purpose, not the actual spammer. This is often
>called a Joe-job.
>
>
Yeah.. But the general rule of thumb is that you don't trust the From:
address.. So.. The only way to accomplish this would be to use the IP
address of the incoming connection. Reverse lookup, MX, and callback..
Might be a bit much, but theoretically it shouldn't be a frequent
operation. Once a mailserver has "proven" itself, there's no need to
look it up again...
>In this case, or in cases where the spammer simply uses "From:
>fill-in-the-blank at yahoo.com", this technique would completely eliminate the
>effectiveness of greylisting. Unless I'm not understanding your proposal properly.
>
> --Jim Dempsey--
> jjd at jjd.com
> http://jjd.com/
>
>
--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
friz at godshell.com
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
More information about the Greylist-users
mailing list