Monthly Archives: April 2011

Detecting Email Server Forgery

Most of the spam I see has been sent by servers forging or otherwise obscuring their server identity.  RFC2505 states that the server identity and sender address are easily forged.  Of these, it is easiest to identify server forgery.  Very little, if any, of the personal email has a forged server identity.  Unfortunately, legitimate bulk and automated email often shows signs of server identity.   If you deliver either of these types of email this article will provide information of fixing the situation.

The rules here apply email originating from the Internet only.    Mail User Agents submitting email are expected to violate these rules.  MUAs should use an authenticated encrypted connection to the Submission port (576).  Relay servers should not apply these rules to connections originating form the local network. Continue reading