Date: Sun, 11 Mar 2007 14:00:04 -0600 From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> To: Kris Kennaway <kris@obsecurity.org> Cc: User Questions <freebsd-questions@freebsd.org> Subject: Re: Tool for validating sender address as spam-fighting technique? Message-ID: <63F5EA49-DF46-4795-AB00-D81C2E26762E@shire.net> In-Reply-To: <20070311194650.GA92854@xor.obsecurity.org> References: <20070311123142.A326032CD9@radish.jmason.org> <2B018128-F951-41DF-8EFD-123119E9987C@shire.net> <20070311193608.GA92584@xor.obsecurity.org> <C097EA14-200D-4C1F-B2A8-063B808C1C9E@shire.net> <20070311194650.GA92854@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 11, 2007, at 1:46 PM, Kris Kennaway wrote: > On Sun, Mar 11, 2007 at 01:43:22PM -0600, Chad Leigh -- Shire.Net > LLC wrote: >> >> On Mar 11, 2007, at 1:36 PM, Kris Kennaway wrote: >> >>> On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net >>> LLC wrote: >>>> >>>> On Mar 11, 2007, at 6:31 AM, Justin Mason wrote: >>>> >>>>> >>>>> for what it's worth, I would suggest *not* adopting this >>>>> as an anti-spam technique. >>>>> >>>>> Sender-address verification is _bad_ as an anti-spam technique, >>>>> in my >>>>> opinion. Basically, there's one obvious response for spammers >>>>> looking to >>>>> evade it -- use "real" sender addresses. Where's an easy place to >>>>> find >>>>> real addresses? On the list of target addresses they're spamming! >>>> >>>> This is a red-herring. They already do that. They have been doing >>>> that for a long time. And it has nothing to do with sender >>>> verification. >>>> >>>> Sender verification works and works well. >>> >>> I hate sender verification because it forces me (the sender) to jump >>> through hoops just for the privilege of sending email to you. >> >> No, it forces you to set up a correct RFC abiding system >> >>> I send >>> a lot of "courtesy" emails to e.g. port maintainers who have >>> problems >>> with their ports, and when I encounter someone with such a system I >>> usually don't bother following up (their port just gets marked >>> broken >>> in the usual way, and they can follow up on it on their own if they >>> want to). >> >> If your system is following the RFCs then you should have no >> problems. YOU should fix your broken system. Sending emails without >> a valid from address is disconsiderate. Why should I accept a mail >> from an account that violates the RFCs about accepting DSN back? > > Perhaps we are talking about different things, I am talking about > systems which send me an email back requiring me to do steps a, b or c > in order to complete delivery of the email. No, we are talking about the MTA verifying that the sender address is a real address that can accept either mail back or at least a properly formatted DSN back. The things you talk about ARE a PITA and I usually ignore them unless the person is wanting to give me money... (Ie a customer who placed an order with another business I run for example). Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?63F5EA49-DF46-4795-AB00-D81C2E26762E>