[Esd-l] Smart reply
John Hardin
jhardin at impsec.org
Fri May 17 20:03:01 PDT 2002
On Fri, 2002-05-17 at 15:06, Simon Matthews wrote:
> John,
>
> If I understand correctly, you are going to look up the MX records for the
> domain listed in the Return-Path: and see if it matches the IP address in
> any (?) of the "Received:" lines?
>
> Interesting!
No, that's not quite what I have in mind.
1. extract the domain from the Return-Path: header,
2. see if that domain appears in any of the Received: headers.
It'll suppress incorrectly for some of the larger ISPs (like people with
@earthlink.com addresses sending via @earthlink.net servers) but should
also cut down on the alerts to blatantly forged addresses.
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at impsec.org
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"To disable the Internet to save EMI and Disney is the moral
equivalent of burning down the library of Alexandria to ensure the
livelihood of monastic scribes."
-- John Ippolito of the Guggenheim
-----------------------------------------------------------------------
909 days until the Presidential Election
[demime 0.98e removed an attachment of type application/pgp-signature which had a name of signature.asc]
More information about the esd-l
mailing list