RE: Reject based on 'to' field?

Magnus B=E4ck says ...
> Jason Gauthier <jgauthier@lastar.com> wrote:
>=20
> > I want to implement an *additional* policy to do this. I already
> > check recipients. This isn't being driven from me, so I can't fire
> > back to the people driving this "bad idea, forget about it" without
> > a good cause.
> >=20
> > If you can supply one, that'd be great. But I have to come up with
> > something so my 3 person department is not reviewing 5000+ messages
> > a day. We cannot keep up with it.
>=20
> You can tell the morons in charge that there is no relation between
> the To: header and the actual recipients, and there must certainly
> not be any requirement that they match. If you implement this policy,
> you'd also be rejecting mailing list postings, various=20
> newsletters etc.

And CC: and BCC: copies, as well, I would think. =20

> > Limiting the To: would drop off another 25-50% of all spam messages.
>=20
> Shutting down the mail server would drop off 100% of all spam=20
> messages.

If reducing the spam load is the objective, perhaps Jason could suggest =
an
alternate plan, rather than just say "No" to the bosses.

If there are particular "fake addresses" you can spot, that's one thing, =
but
if it's just the presence of a "To:" address that's not a legal one at =
your
site, well, reject that and you will reject all sorts of legitimate =
mail.

If you haven't implemented Jim Seymour's anti-UCE stuff, do that. If =
you
have, or if you do, and it's not enough, there's a good bit more you can =
do
along those lines. Then there's SpamAssassin....=20

If rejecting spam were as easy as detecting the "correct" "To:" address, =
no
one would have a spam problem.

-Shel