Re: Feedback on blacklist rule I plan to write

[Marc Perkel <su...@junkemailfilter.com>]

If it's all spam then why not?

On 10/30/2013 7:41 AM, William A. Fink wrote:
> I have a brief question. I'll provide my setup though isn't applicable.
>
> I'm using SpamAssassin version 3.3.1, on FreeBSD 8.1-RELEASE
>
> I'm using Sendmail for my MTA
>
> I'm using Procmail for my local
>
> My question is: The SMTP protocol allows a return address to be
> '<us...@ip-address.com>' and 'user@ip-address.com' and some other variations,
> I'll assume.
>
> My background knows that nearly _all_ mail when transferred uses
> 'user@domain-name.com' or  '<us...@domain-name.com>'
>
> This AM I was researching an email (spam) that I received and the actual
> (hard-core) email-header and noticed they're using something similar to:
>
> "user@some-domain@ip-address" and it's getting through.
>
> My _real_ question is:
>
> Can't I simply blacklist all/any emails that arrive where they're using
> 'user@ip-address' - while that's a rhetorical question, (I know I can) but
> I'm looking for feedback as to why this would not be a good idea. ANY
> respectable/legitimate MTA uses their domain-name as the latter part of the
> return address, correct?
>
> Feedback is more what I'm looking for on my question versus an answer to
> 'can I?' do this.
>
> I will not care if there is that small percentage of MTA's that are/do
> legitimately send using the IP address method. (Another discussion,
> perhaps?)
>
> If this is logical, how would I enter that in my local.cf ??
>
> ' blacklist_from          @"[0..255].[0..255] .[0..255] .[0..255]"
> (With/WithOUT quotes?)
>
> ...or is the REALLY a very bad idea?
>
> Thanks so much for your assistance in advance.
>
>
>
>
>
>

-- 
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400