Wayne Stallwood wrote:
I wouldn't do that
Some spam filters look through the session transcript and block a message if *any* IP address or host mentioned in it is blacklisted not just the last relay.
Good point - Jonathan's point that trusting other IPs/hosts in the headers is unwise is also a good one, but I don't want to volunteer my email for capture by any mail server where the mail admin has decided to ignore that advice, so my plan falls over.
What I don't understand is why we don't yet have a simple validation capability within email. Eg: publish public key in DNS, sign email using private key, any email which is correctly signed you can be (almost) sure has come from the email client of someone allowed to send email from that domain.
It doesn't restrict the IP you can send from (no problem with roaming with laptop), it doesn't allow any trojan spamming from your machine (and therefore your IP) to be treated as legitimate, it should be fairly simple to add as a plugin for major email clients and mail servers.
I know that it doesn't confirm that the sender is someone you want to hear from, but surely it does confirm that the sender is who they say they are (that would make a large portion of the spam I get much easier to remove). It also means you could bounce spam back to sender (since you know it is their address you'e bouncing to).
What am I missing?