[Esd-l] Smart reply

John Hardin jhardin at impsec.org
Fri May 17 20:03:01 PDT 2002

On Fri, 2002-05-17 at 15:06, Simon Matthews wrote:
> John,
> If I understand correctly, you are going to look up the MX records for the
> domain listed in the Return-Path: and see if it matches the IP address in
> any (?) of the "Received:"  lines?
> Interesting!

No, that's not quite what I have in mind.

1. extract the domain from the Return-Path: header,

2. see if that domain appears in any of the Received: headers.

It'll suppress incorrectly for some of the larger ISPs (like people with
@earthlink.com addresses sending via @earthlink.net servers) but should
also cut down on the alerts to blatantly forged addresses.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
   909 days until the Presidential Election
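
The two-step check described in the message above, as an added example in Python; it is not part of the original post and is not the sanitizer's own code. The function names, the hostname-boundary matching rule, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def return_path_domain(msg):
    """Step 1: domain of the Return-Path: address, or None (e.g. null path <>)."""
    _, addr = parseaddr(msg.get("Return-Path", ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()

def domain_in_received(msg, domain):
    """Step 2: True if the domain appears in any Received: header.

    Assumption: match on hostname boundaries, so mail.example.org counts for
    example.org but example.org.relay.example.net and notexample.org do not.
    """
    pat = re.compile(r"(?<![a-z0-9-])" + re.escape(domain)
                     + r"(?![a-z0-9-]|\.[a-z0-9])")
    return any(pat.search(h.lower()) for h in msg.get_all("Received", []))

def should_reply(raw):
    """Send the alert only when the Return-Path domain shows up in the relay trail."""
    msg = message_from_string(raw)
    domain = return_path_domain(msg)
    return domain is not None and domain_in_received(msg, domain)

def sample(return_path, received_from):
    """Build a constructed test message (not real mail)."""
    return (f"Return-Path: {return_path}\n"
            f"Received: from {received_from} ({received_from} [192.0.2.10])\n"
            "\tby mx.recipient.test; Fri, 17 May 2002 12:00:00 -0700\n"
            "Subject: test\n\nbody\n")

SAMPLES = {
    "genuine": sample("<alice@example.org>", "mail.example.org"),
    "forged": sample("<bob@example.org>", "dialup-7.example.net"),
    # The false suppression the post mentions: .com address, .net servers.
    "split_isp": sample("<carol@earthlink.com>", "relay.earthlink.net"),
    "lookalike": sample("<dave@example.org>", "example.org.relay.example.net"),
    "null_path": sample("<>", "mail.example.org"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} reply={should_reply(raw)}")
```

The host name in a Received: line is reported by the sending side, so a match is a heuristic for suppressing replies, not proof of where the message came from.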

