12 May
2008
12 May
'08
11:01 a.m.
Ed W wrote:
Personally I don't like fake "senderbcc" address for every user. This my catch a lots of spam in "sent" folders.
you are confusing sender bcc with virtual aliases.
What about spam with a faked FROM address which seems to be from a local user? I think the point is that this strategy can cause a copy of the spam to end up being added as a sent item.
there are two cases:
- you enforce authentication and sender-login match. in this case, you detect forgeries
- you don't. in this case, you can't detect forgeries. and a header won't help. the whole approach breaks.
The extra header field was being added presumably to identify real sent mail from faked spam and hence only add real sent messages to the sent folder?
and how do you add a header only to "really" sent mail? and anyway, how do you deliver a _copy_? remember that this is outgoing mail and won't naturally go through dovecot.