The "From" header field is really somewhat insignificant in the whole scheme. There are plenty of instances where you would "legitimately forge" the domain included within the "From" header field, example, moving from a hotmail to a gmail account.
Checking the domain used in the MAIL FROM attribute in the SMTP handshake sure..verifying the connecting IP against the SPF records for the domain in the MAIL FROM.
i agree with the remark above concerning RBL's currently being extremely effective. More addresses = more zombie systems = that many more IP addresses to add to the RBL. zones can be queried relatively quickly currently. 64 bit addressing could slow that down ridiculously.
limited addresses means limited range of attack. im not saying we wont get there eventually, but IMHO this would hurt us with the spam problem before it would make things better. greylisting - not feasible in high volume environments where delays arent tolerable. much of SA's power comes from the various RBL lookups that can be configured within it. Without them, it's just another mediocre filter, with an unacceptible false positive rate.
Slashdot Mirror
The "From" header field is really somewhat insignificant in the whole scheme. There are plenty of instances where you would "legitimately forge" the domain included within the "From" header field, example, moving from a hotmail to a gmail account.
Checking the domain used in the MAIL FROM attribute in the SMTP handshake sure..verifying the connecting IP against the SPF records for the domain in the MAIL FROM.
i agree with the remark above concerning RBL's currently being extremely effective. More addresses = more zombie systems = that many more IP addresses to add to the RBL. zones can be queried relatively quickly currently. 64 bit addressing could slow that down ridiculously. limited addresses means limited range of attack. im not saying we wont get there eventually, but IMHO this would hurt us with the spam problem before it would make things better. greylisting - not feasible in high volume environments where delays arent tolerable. much of SA's power comes from the various RBL lookups that can be configured within it. Without them, it's just another mediocre filter, with an unacceptible false positive rate.