How to whitelist ebay but not ebay spoofs?

George Schlossnagle george@omniti.com
Wed Dec 15 23:18:22 UTC 2004


On Dec 15, 2004, at 6:03 PM, Vernon Schryver wrote:

>> From: George Schlossnagle <george@omniti.com>
>
>>> On Wed, 15 Dec 2004, Gary Mills wrote:
>>> We have ebay in the DCC whitelist like this:
>>>
>>> 	ok	env_from	aw-confirm@ebay.com
>>> 	ok	from	aw-confirm@ebay.com
>>>
>>> Now, we are getting phishing e-mail from all over the place with
>>> those addresses spoofed.  How can we allow one, but block the other?
>>
>> Combine it with eBay's new spf or sender-id record.
>
> That might work, if you can set the ${dcc_notspam} macro in whatever
> sendmail.cf rules you use to check SPF or Sender-ID records.

Well, SPF records don't guarantee no spam, just that the envelope 
domain is accurate[1].  So ${dcc_envelope_is_truthful} would be more 
accurate.  You shouldn't blanket whitelist SPF-passes, just means you 
can reliably check them against domain based whitelist/blacklists.

George

[1]  Modulo all the problems with SPF and forwarders.




More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.