[opendmarc-users] Other suggestions
Andreas Schulze
sca at andreasschulze.de
Mon Dec 30 13:07:26 PST 2013
Zitat von "Murray S. Kucherawy" <msk at blackops.org>:
> 1) If there are multiple addresses in the From: field (yes, this is
> legal), confirm that they're all from the same Organizational
> Domain; reject otherwise.
On one side I feel only some people inside IETF do really *use* multiple From.
Any other multiple From I saw in the last decade was SPAM but anyway
there where
only few. So I would declare for myself:
- There are exactly 0 legitimate reasons for multiple From.
- I will reject any mail using multiple From.
Other people may have other thoughts so the software could offer 2 modes
selectable by the administrator:
- simply reject multiple From
- try to handle multiple From in all strange, untested combinations
any possibly wrong results
> 2) For each domain found in the From: field, confirm that it has an
> MX or A/AAAA record in it so that it's, at least in theory, a
> replyable address; reject if any of them do not.
Normally checking MX or A/AAAA record has to be done by the MTA. But
at least postfix
enforces MX or A/AAAA record only for RFC5821.MailFrom. The value of
RFC5322.From
is just an ordinary header like Date, Subject or X-Foo. From that
point of view: YES
But also here: I saw so many strange, maybe invalid RFC5322.From in
*ham messages*
that I expect a big chance for additional trouble. -> I see the need
for a dynamic reloadable
whitelist. Then: YES.
Andreas
More information about the opendmarc-users
mailing list