[Esd-l] Smart reply

John D. Hardin jhardin at impsec.org
Sun May 19 10:39:01 PDT 2002

On 17 May 2002, John Hardin wrote:

> 1. extract the domain from the Return-Path: header,
> 2. see if that domain appears in any of the Received: headers.
> It'll suppress incorrectly for some of the larger ISPs (like people with
> @earthlink.com addresses sending via @earthlink.net servers) but should
> also cut down on the alerts to blatantly forged addresses.

Okay, I have the first cut of this in the devel snapshot (1.135pre6).

1) If a Return-Path: header does not exist, NOTIFY_SENDER is disabled.
This means you should verify your MTA is generating a Return-Path:

2) If the message appears to have come in from a mailing list, then
NOTIFY_SENDER is disabled.

3) If the domain in the Return-Path header is not supported by the
domains in the Received: chain, NOTIFY_SENDER is disabled.

4) To prevent the above processing, define the variable 

Comments are solicited.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
 "To disable the Internet to save EMI and Disney is the moral
  equivalent of burning down the library of Alexandria to ensure the
  livelihood of monastic scribes."
                                    -- John Ippolito of the Guggenheim
   898 days until the Presidential Election

More information about the esd-l mailing list