Re: Extending XBL to all untrusted

> On Mon, 2009-07-13 at 18:28 +0200, Matus UHLAR - fantomas wrote:
> > > On Mon, 2009-07-13 at 17:19 +0200, Matus UHLAR - fantomas wrote:
> > > > > On Fri, 3 Jul 2009, RW wrote:
> > > > > > I understand that Spamhaus doesn't recommend this, because dynamic IP
> > > > > > addresses can be reassigned from a spambot to another user, but I added
> > > > > > my own rule it does seem to work. In my mail it hits about 9% of my
> > > > > > spam, with zero false-positives.
> > > >
> > > > On 13.07.09 14:22, Tony Finch wrote:
> > > > > You will get false positives from senders that are using remote message
> > > > > submission, and from some webmail users if their server puts the webmail
> > > > > client IP address in the message headers.
> > > >
> > > > agreed, although, some kind of authentication should be done in either case,
> > > > which should prevent the rules from hitting, but many ISPs and ESPs don';t
> > > > push auth informations to Received: headers...
> >
> > On 13.07.09 16:26, richard@... wrote:
> > > Do the RFC's state that they need to?
> >
> > yes, RFC4954 in section 7 does
> >
> Where - I don't see it say it needs to "push auth informations to
> Recieved: Headers";
>
>
> 7.  Additional Requirements on Servers
>
>
>    As described in Section 4.4 of [SMTP], an SMTP server that receives a
>    message for delivery or further processing MUST insert the
>    "Received:" header field at the beginning of the message content.
>    This document places additional requirements on the content of a
>    generated "Received:" header field.  Upon successful authentication,
>    a server SHOULD use the "ESMTPA" or the "ESMTPSA" [SMTP-TT] (when
>    appropriate) keyword in the "with" clause of the Received header
>    field.
>
> Am I missing what you are saying here?
>