[opendmarc-users] Other suggestions

Andreas Schulze sca at andreasschulze.de
Mon Dec 30 13:07:26 PST 2013


Quoting "Murray S. Kucherawy" <msk at blackops.org>:

> 1) If there are multiple addresses in the From: field (yes, this is  
> legal), confirm that they're all from the same Organizational  
> Domain; reject otherwise.

On one side I feel only some people inside IETF do really *use* multiple From.
Any other multiple From I saw in the last decade was SPAM, but anyway there were
only few. So I would declare for myself:
  - There are exactly 0 legitimate reasons for multiple From.
  - I will reject any mail using multiple From.

Other people may have other thoughts so the software could offer 2 modes
selectable by the administrator:
  - simply reject multiple From
  - try to handle multiple From in all strange, untested combinations
    and possibly wrong results

> 2) For each domain found in the From: field, confirm that it has an  
> MX or A/AAAA record in it so that it's, at least in theory, a  
> replyable address; reject if any of them do not.

Normally checking MX or A/AAAA record has to be done by the MTA. But at least
postfix enforces MX or A/AAAA record only for RFC5821.MailFrom. The value of
RFC5322.From is just an ordinary header like Date, Subject or X-Foo. From that
point of view: YES

But also here: I saw so many strange, maybe invalid RFC5322.From in *ham messages*
that I expect a big chance for additional trouble. -> I see the need for a
dynamic reloadable whitelist. Then: YES.

Andreas
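
The two checks discussed in this thread, with the administrator-selectable mode and the whitelist suggested in the reply, sketched in Python as an added example; it is not OpenDMARC code and not code from either poster. The function names, the mode strings, the two-label organizational-domain shortcut and the injected `has_mail_host` lookup are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

def org_domain(domain):
    # Simplification (assumption): the last two labels. A real filter needs
    # the Public Suffix List to get names such as example.co.uk right.
    return ".".join(domain.rstrip(".").split(".")[-2:])

def check_from(raw_message, mode, has_mail_host, whitelist=frozenset()):
    """Return (verdict, reason) for the RFC5322.From of one message.

    mode: "reject-multiple" or "same-org" (the administrator's choice).
    has_mail_host(domain) -> bool stands in for the MX or A/AAAA lookup.
    whitelist is passed per call, so the caller can reload it at runtime.
    """
    msg = message_from_string(raw_message)
    addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    domains = []
    for addr in addrs:
        local, at, dom = addr.rpartition("@")
        if not (local and at and dom):
            return ("reject", "unparseable From address")
        domains.append(dom.lower())
    if not domains:
        return ("reject", "no usable From address")
    if len(domains) > 1:
        if mode == "reject-multiple":
            return ("reject", "multiple From addresses")
        if len({org_domain(d) for d in domains}) > 1:
            return ("reject", "From addresses span organizational domains")
    for d in domains:
        # Whitelisted domains skip the DNS check (ham with odd From values).
        if d not in whitelist and not has_mail_host(d):
            return ("reject", d + " has no MX or A/AAAA record")
    return ("accept", "ok")

# Constructed sample data: a stand-in resolver and three messages.
KNOWN_HOSTS = {"example.com", "mail.example.com", "example.net"}
SAMPLES = [
    "From: alice@example.com, bob@mail.example.com\nSubject: a\n\nbody\n",
    "From: alice@example.com, eve@example.net\nSubject: b\n\nbody\n",
    "From: News <news@no-dns.example>\nSubject: c\n\nbody\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        for mode in ("reject-multiple", "same-org"):
            print(mode, check_from(raw, mode, KNOWN_HOSTS.__contains__))
```
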



