SMTP Sender Domain Exists validation

Postby labull » Sep 24 03 10:38 am

In EMAIL I have checked -

Validate that the sender domain exists.

I received an email that has this in its header -

Received: From simmts6-srv.bellnexxia.net (unverified [206.47.199.164]) by SMTP Server [xxx.xxx.xxx.xxx]

This is not a valid domain.

Shouldn't this email be blocked?

Thanks!

Larry
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Re: SMTP Sender Domain Exists validation

Postby tim » Sep 24 03 10:52 am

labull wrote: In EMAIL I have checked -

Validate that the sender domain exists.

I received an email that has this in its header -

Received: From simmts6-srv.bellnexxia.net (unverified [206.47.199.164]) by SMTP Server [xxx.xxx.xxx.xxx]

This is not a valid domain.
Shouldn't this email be blocked?
Thanks!
Larry


This may be caused by VeriSign's takeover of all non-assigned domains. I'm not sure of the exact technical details at this time, but I know it has been causing havoc with similar systems worldwide. VeriSign has been ordered / requested to stop this, but when and if it happens is another matter.

Tim
tim
Senior Member
 
Posts: 109
Joined: Sep 03 03 2:53 pm

Postby adrien » Sep 25 03 2:13 am

Also if the lookup fails for any reason we feel it is better to be safe than sorry. Some DNS servers return error responses for some domains...
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby labull » Sep 25 03 2:18 am

Turns out that the look-up is for the domain in Mail From: rather than HELO/EHLO.

The spammers are always going to say they're from some legal domain e.g. yahoo.com.

Why not verify the HELO/EHLO domain?
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby adrien » Sep 25 03 2:42 am

The RFCs advise against any sort of validation against the domain given in the HELO or EHLO command. Basically because that can be anything, not even a resolvable name.
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby labull » Sep 25 03 2:49 am

Almost all of the SPAM that gets through here is of this flavor and there's a lot of it.

What can we do to block this stuff?
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

Postby labull » Sep 25 03 1:17 pm

How about an option to turn on ORDB and DNS checking for all domains listed in the header?

Appropriate caveats about performance degradation would accompany the option.

For me, I’d gladly take the performance hit if it will help eliminate one of the largest parts of my SPAM problem.

Thanks!

Larry
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA
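
The behaviour discussed in this thread, as an added example that is not part of any post and not WinGate's code: the check looks only at the MAIL FROM domain and ignores HELO, accepts when the lookup fails, and can be defeated by a registry wildcard unless the answer is compared with a probe of a name that cannot exist. Assumptions: `resolve` is a hypothetical resolver callable, accept-on-failure is this example's reading of "better to be safe than sorry", and all DNS data below is constructed.

```python
import re

# Lookup outcomes; names are this example's own, not WinGate's.
EXISTS, NXDOMAIN, LOOKUP_ERROR = "exists", "nxdomain", "error"
MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)

def envelope_domain(line):
    """Domain of a MAIL FROM command, or None for the null sender <>."""
    m = MAIL_FROM_RE.match(line.strip())
    if not m or "@" not in m.group(1):
        return None
    return m.group(1).rsplit("@", 1)[1].lower().rstrip(".")

def sender_domain_verdict(session, resolve, probe_label="nx-probe-7f3a9c"):
    """Return 'accept' or 'reject' for a list of SMTP command lines.

    resolve(name) is a hypothetical callable returning (status, addresses).
    """
    domains = [envelope_domain(l) for l in session
               if l.upper().startswith("MAIL FROM:")]
    domain = domains[0] if domains else None
    if domain is None:
        return "accept"            # null sender (bounces): nothing to check
    status, addrs = resolve(domain)
    if status == LOOKUP_ERROR:
        return "accept"            # failed lookup: do not lose mail over DNS trouble
    if status == NXDOMAIN:
        return "reject"            # domain definitely does not exist
    # Registry wildcard: if a name that cannot exist under the same TLD gets
    # the same answer, the "existence" of this domain proves nothing.
    tld = domain.rsplit(".", 1)[-1]
    p_status, p_addrs = resolve(f"{probe_label}.{tld}")
    if p_status == EXISTS and addrs and addrs <= p_addrs:
        return "reject"
    return "accept"

# Constructed DNS data (documentation address ranges), not real records.
WILDCARD = {"192.0.2.1"}
ZONE = {
    "yahoo.com": (EXISTS, {"198.51.100.10"}),
    "unregistered-name.com": (EXISTS, WILDCARD),
    "nx-probe-7f3a9c.com": (EXISTS, WILDCARD),
    "broken.example.net": (LOOKUP_ERROR, set()),
}

def stub_resolve(name):
    return ZONE.get(name, (NXDOMAIN, set()))

def check(helo, mail_from):
    return sender_domain_verdict([f"HELO {helo}", f"MAIL FROM:<{mail_from}>"], stub_resolve)
```

A sender that forges an existing domain such as yahoo.com in MAIL FROM passes this check whatever it says in HELO, which is the gap labull describes.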

