When linkedIn sends and email to you about adding someone to your network, the email appears to come from this person's individual email address (not something@linkedin.com). To me it doesn't seem like a 'reply-to' header either but perhaps i'm missing something.
Seems like it would be an immediate red flag to have their mail IPs sending out email from all sorts of addresses and domains. Is this because they have built up a lot of credibility with ISPs?
-
Generally that type of thing is filtered at the smtp out end. Since they host their own mail server they just specify the from email address on their sendmail script.
This is a good example of how it is done - http://www.antionline.com/showthread.php?t=265200
From The Digital Ninja -
There is no verification process for specifying the "From" header if you have relay access to a SMTP server. However, if you do not have relay access, you will be limited to sending e-Mail that the server receives mail for.
If you run an e-Mail server, you can specify most e-Mail headers freely, which includes the From header.
Put simply, the SMTP protocol does not prevent this from occurring.
Matt : SPF only checks the envelope sender, not the header sender address.Warner : Very good point. Thank you for the correction, matt.From Warner -
It seems like you already know that the only thing limiting anyone sending as anyone else is the recipient spam filtering. For basic envelope filtering, the envelope sender actually does correspond with them (...@bounces.linkedin.com).
For the content filtering side (headers and body), mail from linkedin with non-linkedin From: headers also have a Sender: header, specifically messages-noreply@bounce.linkedin.com. Many clients (Outlook being a big exception) hide this so it's not often noticed. Both DKIM and SPF allow using Sender rather than From, and as a result modern filters don't seem to care much about the From: header provided the Sender: header is validated or meets whatever other fuzzy source matching is in place. Modern mailing list software also uses the Sender header approach (many years ago, most only set the envelope sender to the list).
drummel : Check... thanks!From Jeremy M
0 comments:
Post a Comment