On Tue, 28 Oct 1997, Jordan Mendelson wrote:
I personally do spam filtering for our site. Actually, it's not "spam" filtering per se. If you don't have a domain in the from addr which resolves, your mail is rejected. If you are not a customer of ours and try to relay mail off our servers, your mail is rejected.
This to me seems completely just. Why should you send mail with a false return to address and why if you are not my customer should you send mail?
These are standard features to most sendmail anti-spam/anti-relay patch sets. Now, what about blocking mail if it's passed to you by a host that has no in-addr.arpa record? I've recently started doing this on a few systems since I've found that some spam providers (either because they move too frequently, don't want to be resolved, or just don't have a clue) don't have reverse DNS. I'm blocking several hundred messgaes/day per system and get log entries such as: sendmail[1725]: Ruleset check_relay ([207.199.68.35], 207.199.68.35) rejection: 418 obtain a hostname So far, I've gotten no complaints, so I assume nearly all the mail that can't get in is junk mail.
Now, filtering based on hostname & blackholing is a bit extreme. It limits the user's right to choose. As long as the commercial soliciter has a valid reply-to address which you can use to bitch and complain, then I feel it's fine.
What about valid (i.e. resolvable) from addresses that are invalid for mail delivery? i.e. if you get a lot of spam, surely you've gotten messages from who knows where, claiming From addresses like 897632@aol.com. Sendmail rules will resolve that, but email a complaint there, and it's likely to bounce. I've not figured out a sendmail rule for blocking such mail from: addresses. ------------------------------------------------------------------ Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____