Date: Tue, 18 Sep 2007 00:56:43 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Jay Chandler" <lists@sequestered.net>, <freebsd-questions@freebsd.org> Subject: RE: SMTP Error from my server? Message-ID: <BMEDLGAENEKCJFGODFOCKEGJCAAA.tedm@toybox.placo.com> In-Reply-To: <46EF206B.90908@sequestered.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-questions@freebsd.org > [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Jay Chandler > Sent: Monday, September 17, 2007 5:49 PM > To: freebsd-questions@freebsd.org > Subject: Re: SMTP Error from my server? > > > > > This idea works fine for normal email addresses, but fails miserably > > with certain types of automated email which is not intended for people > > to reply to, and it also tends to lose out with TDMA > > (http://tmda.net/). More importantly, it also fails to work with > > itself-- other people using "sender verification callouts" cause a > > loop of failed deliveries, as neither side trusts the other. > > > The larger problem as well is that it doesn't scale. Someone forging a > From header out of a botnet could easily DDoS a smaller server > completely off the net if enough people implemented this system. > verizon.net implements this system and they are pretty big. They put in checks to the setup to prevent these scenarios from happening. I don't like these systems myself as a gatekeeper but it isn't true that these systems cannot scale. They can scale fine - at the cost of greatly increased complexity of the logic in the system. I will point out that Network Address Translation - a technology that people take for granted and scale up all the time - has a far worse increase in complexity (espically in implementations that handle translation of all the normally not translatable protocols) I would actually love to see someone implement sender-callback-verification as a module in Spamassassin, where callback checks could be assigned a point value. In other words, failing sender-callback wouldn't automatically get a message blocked - but failing would increase the point value of the message to make it more likely to be considered spam. > Antispam measures that are in and of themselves abusive aren't generally > considered to be good ideas. It all depends on the implementation. A good implementation of sender callback is no worse than a good implementation of greylisting, and a bad implementation of sender callback is as bad as a bad implementation of greylisting. Ted
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BMEDLGAENEKCJFGODFOCKEGJCAAA.tedm>