From owner-freebsd-questions@FreeBSD.ORG Sun Mar 11 20:11:26 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B9EEA16A400 for ; Sun, 11 Mar 2007 20:11:26 +0000 (UTC) (envelope-from prvs=johnl=0583ff2bdd@iecc.com) Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by mx1.freebsd.org (Postfix) with ESMTP id A376013C489 for ; Sun, 11 Mar 2007 20:11:25 +0000 (UTC) (envelope-from prvs=johnl=0583ff2bdd@iecc.com) Received: (qmail 19065 invoked from network); 11 Mar 2007 19:44:43 -0000 Received: from simone.iecc.com (208.31.42.47) by mail1.iecc.com with QMQP; 11 Mar 2007 19:44:43 -0000 Date: 11 Mar 2007 19:44:43 -0000 Message-ID: <20070311194443.26033.qmail@simone.iecc.com> From: John Levine To: freebsd-questions@freebsd.org In-Reply-To: <2B018128-F951-41DF-8EFD-123119E9987C@shire.net> Organization: Mime-Version: 1.0 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7bit Cc: chad@shire.net Subject: Re: Tool for validating sender address as spam-fighting technique? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2007 20:11:26 -0000 >Sender verification works and works well. I suppose that if you define "works" to include mailbombing innocent third parties, then that might be true. I have some fairly heavily forged domains, and on a bad day I see upwards of 300,000 connections from bounces, "validation", and the like attacking the little BSD box under my desk where the MTA is. Gee, thanks a lot. >Sorry, but you conclusion does not follow. Sender verification has >been around for a while and this has not happened in my experience. >Ie, there is no greater use of real FROM addresses than there was >before. What planet have you been on? A few years back spam return addresses were typically complete fakes in nonexistent domains. Now they're picked out of the same victim lists as the targets. I've had to locally blacklist a few places specifically because of all of their abusive verification. If that's what you want, well ... Oh, and the way my MTA is set up, a verification callback doesn't work. But that doesn't keep the clueless from trying. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "More Wiener schnitzel, please", said Tom, revealingly.