From owner-freebsd-questions@FreeBSD.ORG Wed Mar 14 02:11:44 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E017916A400 for ; Wed, 14 Mar 2007 02:11:44 +0000 (UTC) (envelope-from chad@shire.net) Received: from hobbiton.shire.net (mail.shire.net [166.70.252.250]) by mx1.freebsd.org (Postfix) with ESMTP id BA72913C44C for ; Wed, 14 Mar 2007 02:11:44 +0000 (UTC) (envelope-from chad@shire.net) Received: from [67.171.127.191] (helo=[192.168.99.68]) by hobbiton.shire.net with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.51) id 1HRIxr-000DTb-VE; Tue, 13 Mar 2007 20:11:44 -0600 In-Reply-To: <1173830431.1588.34.camel@dagobah.vindaloo.com> References: <20070311200829.31802.qmail@simone.iecc.com> <0AC225E6-E55D-4C20-9A00-2EDD95985848@shire.net> <20070311165028.S44863@simone.iecc.com> <45F57936.3030601@usm.cl> <1173830431.1588.34.camel@dagobah.vindaloo.com> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed Message-Id: <30DC016D-CA46-44D1-A12D-00BDD723A71D@shire.net> Content-Transfer-Encoding: quoted-printable From: "Chad Leigh -- Shire.Net LLC" Date: Tue, 13 Mar 2007 20:11:42 -0600 To: Christopher Sean Hilton X-Mailer: Apple Mail (2.752.2) X-SA-Exim-Connect-IP: 67.171.127.191 X-SA-Exim-Mail-From: chad@shire.net X-SA-Exim-Scanned: No (on hobbiton.shire.net); SAEximRunCond expanded to false Cc: Marcelo Maraboli , User Questions Subject: Re: Tool for validating sender address as spam-fighting technique? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2007 02:11:45 -0000 On Mar 13, 2007, at 6:00 PM, Christopher Sean Hilton wrote: > On Mon, 2007-03-12 at 12:00 -0400, Marcelo Maraboli wrote: > >> >> I agree..... callbacks are not enough, you can reach a >> false conclusion, that=B4s why I use SPF along with callbacks... >> >> on the same message, my MX concludes: >> >> "you are sending email "from chad@shire.net", but shire.net >> says YOUR IP address is not allowed to send email on behalf >> of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject >> >> regards, >> > > I'm not sure what you mean by callbacks but if that involves =20 > talking to > mx.example.com and trying to figure out if =20 > cmdr.sinclair@example.com is > a valid address go ahead. I would consider a mailserver that answers > that question a security risk as it is freely giving away information > about your domain without notifying you. For a long time my mx servers > would answer any such question in the affirmative regardless of =20 > whether > or not the mail account existed. Address verification callbacks take various forms, but the way exim =20 does it by default is to attempt to start a DSN delivery to the =20 address and if the RCPT TO is accepted it is affirmative. It is not =20 usually use VRFY. Most address verification is done by attempting to =20= start some sort of delivery to the address. > > As the above poster says SPF is the way to go. SPF gives the receiving > MTA a mechanism to vet inbound mail. For any combination of server> and there are three possible =20 > results > from an SPF check: The server is allowed to send mail for the domain; > The server is not allowed to send mail for the domain; And I cannot =20= > tell > because the owner of the domain hasn't published an SPF record. The =20= > only > problem with SPF is that it's not more widely implemented so the third > response is sadly more common than the first two. I believe it also breaks when you have forwards. Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net