[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Filtering incoming SMTP "from" your domain via SS
Title: Message
You were correct in saying we want to prevent spammers from dumping
things into our net and have them appear to be from our net. In one
example:
Let's say someone sitting on their home dialup does this to our Internet
SMTP server:
MAIL FROM: [email protected]
DATA
Hey baby, let's hook up.
.
We don't want that to happen... We would want the firewall to say
"hey, since foxboro.com is internal, it can't be the
source!"
I'm trying to determine what things could go wrong and could the security
service have a problem doing it...
Clayton
I'm
a little confused. If someone is sending legitimate email to [email protected], you're accepting
it. If the 'from' email address is forged to be [email protected], but the to
address is still [email protected],
there is a legitimate recipient for the message on your
network.
I'm
trying to determine the benefit to putting in the no-forge restriction.
Is the idea to prevent spammers from dumping things into your net? If
so, it's an interesting idea, but the spam I get rarely forges the from
address as being specifically from *my* domain.
On
its face it sounds like added complexity with minimal benefit. Could you
perhaps clarify the intended goal?
Here's the scenario: We block all
incoming mail not destined for our mail domains (to block relay) but we are
also considering not allowing people to deliver mail to us that appear to
come from our domain. Confusing?
Simply put, should we allow someone
from the Internet to deliver to our SMTP server "From: [email protected]"
"To: [email protected]" since all mail from foxboro.com should come from
internal? What would be the downsides of blocking someone from
the Internet who tries to do that?
And, can we do that in a
resource...? I only think it works for the destination domain, not the
source domain of the email.
Thanks much.
Clayton