That makes sense. If somebody did spam from within the administrative
domain, presumably the admins could deal with that person. Thanks.

On 2002.01.31 15:37:30 -0500, Steven M. Bellovin wrote:
> I oversimplified:  it uses domain names for destination addresses, but 
> IP address for origination.  Someone is an insider if they are (a) on 
> the right network(s), which is (presumably) under the control of the 
> administrator, or (b) receiving mail in that domain, which is 
> definitely under administrative control.  You can't use domain name for 
> source-checking, or the spammers will send all their mail as being from 
> root@cs.ubc.ca or what have you.  Heck, they'd just send it as being 
> from root, and let the sending site fill in its domain name.
> 
> 		--Steve Bellovin, http://www.research.att.com/~smb
> 		Full text of "Firewalls" book now at http://www.wilyhacker.com

-- 
"Source code in files. How quaint." - Kent Beck
"Maybe this world is another planet's Hell." - Aldous Huxley