What’s the best way of determining if an email address has been spoofed?
Here’s a solution I came up with: use the IP address of the originating server the mail came from and do a reverse DNS lookup to get the domain name. Compare the domain name from the lookup with the domain the email claims to have been sent from, and if there is no corresponding A record, discard the email. How reliable is this method? I have come across several references on the Internet that say that looking up the PTR record for a domain is not reliable because the PTR records are often not well maintained or are even absent.
Another way, using a similar approach but not relying on PTR entries, would be to look up the IP address of the domain the email claims to have come from and compare that with the IP address of the originating server. Have I missed something? Are there better ways of checking for spoofed emails?
Your comments are appreciated.
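The two checks described in the question, run over constructed DNS records to show which senders each one accepts or rejects (an added example, not part of the original post). The record tables, host names and ground-truth labels are hypothetical, and the "originating server" is assumed to be the IP address that connects to the receiving mail server.

```python
# Added example: constructed DNS data only (documentation IP ranges), no network access.
PTR = {  # reverse zone: IP -> host name (hypothetical records)
    "192.0.2.10": "mail.example.com",
    "198.51.100.7": "out7.mailhost.example",
    "203.0.113.66": "mail.example.com",  # PTR set by the IP owner, not by example.com
}  # 203.0.113.5 deliberately has no PTR record
A = {  # forward zone: host name -> set of IPs (hypothetical records)
    "example.com": {"192.0.2.80"},  # web server, not the mail server
    "mail.example.com": {"192.0.2.10"},
    "example.org": {"192.0.2.81"},
    "out7.mailhost.example": {"198.51.100.7"},
    "example.net": {"203.0.113.5"},
}

def check_ptr(ip, claimed_domain):
    """Approach 1: PTR lookup, confirm it with an A lookup, compare to claimed domain."""
    name = PTR.get(ip)
    if name is None:
        return "no-ptr"
    if ip not in A.get(name, set()):
        return "ptr-unconfirmed"  # PTR name does not resolve back to this IP
    if name == claimed_domain or name.endswith("." + claimed_domain):
        return "match"
    return "mismatch"

def check_a(ip, claimed_domain):
    """Approach 2: resolve the claimed domain and compare with the connecting IP."""
    return "match" if ip in A.get(claimed_domain, set()) else "mismatch"

# (connecting IP, claimed sender domain, constructed ground truth)
CASES = [
    ("192.0.2.10", "example.com", "genuine, own mail host"),
    ("198.51.100.7", "example.org", "genuine, sent through a third-party relay"),
    ("203.0.113.5", "example.net", "genuine, no PTR record published"),
    ("203.0.113.66", "example.com", "spoofed, PTR names the victim's host"),
]

def evaluate():
    """Run both checks on every constructed case."""
    return [(ip, dom, truth, check_ptr(ip, dom), check_a(ip, dom))
            for ip, dom, truth in CASES]

if __name__ == "__main__":
    for row in evaluate():
        print("%-13s %-12s %-42s ptr=%-15s a=%s" % row)
```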