by dredmorbius 7 days ago
The practice also makes filtering more effective.

Rather than whitelisting simply on a given sender, you can rely on both the sender and the recipient address matching a known list. This needn't be a single sender address. If you have multiple contacts at a domain, or a given entity relies on several email services (e.g., direct personal email, vendor-based marketing emails, vendor-based support or notification services), you could add all of these to the "from" match set.

I'm thinking through phone comms presently and am considering a similar concept for mitigating ever-growing phone abuse. Running a VOIP/PBX system, having multiple internal, non-public "extensions", each of which is valid for only a small subset of caller numbers. The "extension" space could be large (6--9 digits, say, millions to billions of values), making exhaustive search / coincidental match infeasible.

(This is only one of a few approaches I'm thinking of; it happens to resemble the specific email practice being discussed.)
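An added illustration of the sender-plus-recipient matching described in the comment above (not the commenter's code): each per-contact alias carries its own "from" match set, and mail to a valid alias from a sender outside that set is flagged as a leaked alias. The addresses, the `ALLOWED` policy and the function names are constructed for the example, and it assumes the From header was already authenticated upstream (for instance by SPF/DKIM/DMARC checks).

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed policy: recipient alias -> senders allowed to use it.
# An entry starting with "@" matches any address at that domain.
ALLOWED = {
    "shop-x7k2@example.org": {"@shop.example", "news@mailer.example",
                              "support@helpdesk.example"},
    "bank-q9f4@example.org": {"alerts@bank.example"},
}

def sender_allowed(sender, rules):
    """True if the exact address or its whole domain is in the match set."""
    sender = sender.lower()
    domain = "@" + sender.rpartition("@")[2]
    return sender in rules or domain in rules

def classify(raw):
    """Return 'accept', 'alias-leaked' or 'unknown-recipient' for one message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    recipients = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    aliases = [r for r in recipients if r in ALLOWED]
    if not aliases:
        # Not an alias we ever handed out: a guess or a stale address.
        return "unknown-recipient"
    if any(sender_allowed(sender, ALLOWED[a]) for a in aliases):
        return "accept"
    # Valid alias, wrong sender: the alias was shared, sold or scraped.
    return "alias-leaked"

# Constructed sample messages (headers only).
SAMPLES = {
    "vendor": "From: Shop <orders@shop.example>\nTo: shop-x7k2@example.org\n\n",
    "esp":    "From: news@mailer.example\nTo: shop-x7k2@example.org\n\n",
    "leak":   "From: promo@bulk.example\nTo: shop-x7k2@example.org\n\n",
    "cross":  "From: alerts@bank.example\nTo: shop-x7k2@example.org\n\n",
    "guess":  "From: promo@bulk.example\nTo: shop-000000@example.org\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:7} {classify(raw)}")
```

The "cross" sample shows the point of pairing: a sender that is trusted on one alias is still rejected on another.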