How to whitelist ebay but not ebay spoofs?

George Schlossnagle
Wed Dec 15 23:18:22 UTC 2004

On Dec 15, 2004, at 6:03 PM, Vernon Schryver wrote:

>> From: George Schlossnagle <>
>>> On Wed, 15 Dec 2004, Gary Mills wrote:
>>> We have ebay in the DCC whitelist like this:
>>> 	ok	env_from
>>> 	ok	from
>>> Now, we are getting phishing e-mail from all over the place with
>>> those addresses spoofed.  How can we allow one, but block the other?
>> Combine it with eBay's new spf or sender-id record.
> That might work, if you can set the ${dcc_notspam} macro in whatever
> rules you use to check SPF or Sender-ID records.

Well, SPF records don't guarantee no spam, just that the envelope 
domain is accurate[1].  So ${dcc_envelope_is_truthful} would be more 
accurate.  You shouldn't blanket whitelist SPF-passes, just means you 
can reliably check them against domain based whitelist/blacklists.


[1]  Modulo all the problems with SPF and forwarders.

More information about the DCC mailing list

Contact by mail or use the form.