From owner-freebsd-questions@FreeBSD.ORG Wed Mar 14 00:27:46 2007
From: Christopher Sean Hilton
To: Marcelo Maraboli
Cc: John L, freebsd-questions@freebsd.org, "Chad Leigh -- Shire.Net LLC"
Subject: Re: Tool for validating sender address as spam-fighting technique?
Date: Tue, 13 Mar 2007 20:00:31 -0400
Message-Id: <1173830431.1588.34.camel@dagobah.vindaloo.com>
In-Reply-To: <45F57936.3030601@usm.cl>
References: <20070311200829.31802.qmail@simone.iecc.com> <0AC225E6-E55D-4C20-9A00-2EDD95985848@shire.net> <20070311165028.S44863@simone.iecc.com> <45F57936.3030601@usm.cl>

On Mon, 2007-03-12 at 12:00 -0400, Marcelo Maraboli wrote:
>
> I agree..... callbacks are not enough, you can reach a
> false conclusion, that's why I use SPF along with callbacks...
>
> on the same message, my MX concludes:
>
> "you are sending email "from chad@shire.net", but shire.net
> says YOUR IP address is not allowed to send email on behalf
> of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject
>
> regards,
>

I'm not sure what you mean by callbacks but if that involves talking to mx.example.com and trying to figure out if cmdr.sinclair@example.com is a valid address go ahead. I would consider a mailserver that answers that question a security risk as it is freely giving away information about your domain without notifying you. For a long time my mx servers would answer any such question in the affirmative regardless of whether or not the mail account existed.

As the above poster says, SPF is the way to go. SPF gives the receiving MTA a mechanism to vet inbound mail. For any combination of and there are three possible results from an SPF check: The server is allowed to send mail for the domain; The server is not allowed to send mail for the domain; And I cannot tell because the owner of the domain hasn't published an SPF record. The only problem with SPF is that it's not more widely implemented so the third response is sadly more common than the first two.

-- Chris
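The SPF check described in the message above, sketched as an added example that is not part of the original post or of any MTA's code. The TXT data, domains and addresses are constructed, `find_spf` and `check_spf` are hypothetical names, and only the `ip4`, `ip6` and `all` mechanisms are handled; result names follow RFC 7208, which also defines `softfail` and `neutral` for the `~` and `?` qualifiers.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (documentation domains and addresses).
TXT_RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "example.net": ["site-verification=constructed", "v=spf1 ip4:198.51.100.25 ~all"],
    "example.org": ["some unrelated TXT record"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def find_spf(domain, txt=TXT_RECORDS):
    """Return the domain's single SPF record, or None if it publishes none."""
    records = [r for r in txt.get(domain, []) if r.split(" ")[0].lower() == "v=spf1"]
    if len(records) > 1:
        raise ValueError("multiple SPF records published (permerror in RFC 7208)")
    return records[0] if records else None


def check_spf(client_ip, domain, txt=TXT_RECORDS):
    """Evaluate the connecting IP against the sender domain's SPF record."""
    record = find_spf(domain, txt)
    if record is None:
        return "none"  # the "cannot tell" case: no policy published
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        # A mechanism without an explicit qualifier defaults to "+" (pass).
        if term[0] in QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        else:
            qualifier, mechanism = "+", term
        name, _, arg = mechanism.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all, always matches
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue  # no match, try the next term left to right
        raise ValueError(f"mechanism not handled in this sketch: {term}")
    return "neutral"  # nothing matched and the record has no "all" term
```
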