Date: Sun, 11 Mar 2007 13:58:44 -0600 From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> To: John Levine <johnl@iecc.com> Cc: freebsd-questions@freebsd.org Subject: Re: Tool for validating sender address as spam-fighting technique? Message-ID: <DFC99A26-22F3-47A9-814A-DD1E7CADC36B@shire.net> In-Reply-To: <20070311194443.26033.qmail@simone.iecc.com> References: <20070311194443.26033.qmail@simone.iecc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 11, 2007, at 1:44 PM, John Levine wrote: >> Sender verification works and works well. > > I suppose that if you define "works" to include mailbombing innocent > third parties, then that might be true. > > I have some fairly heavily forged domains, and on a bad day I see > upwards of 300,000 connections from bounces, "validation", and the > like attacking the little BSD box under my desk where the MTA is. > Gee, thanks a lot. Verification has nothing to do with bounces and mail bombs. You may get some traffic from verification but you would need to separate that out from the rest which is unrelated before you have a meaningful statistic. > >> Sorry, but you conclusion does not follow. Sender verification has >> been around for a while and this has not happened in my experience. >> Ie, there is no greater use of real FROM addresses than there was >> before. > > What planet have you been on? A few years back spam return addresses > were typically complete fakes in nonexistent domains. Now they're > picked out of the same victim lists as the targets. They have been doing that for ages. I run a hosting service and have had that problem way before sender verification became in vogue. > > I've had to locally blacklist a few places specifically because of > all of their abusive verification. If that's what you want, well ... That is up to you. If you claim to handle mail services for a certain domain, that includes verifying that mail is from you or not. YOU are responsible for the mail sent with your domain on it. > > Oh, and the way my MTA is set up, a verification callback doesn't > work. But that doesn't keep the clueless from trying. That is your business. But you are in violation of the RFCs Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DFC99A26-22F3-47A9-814A-DD1E7CADC36B>