From owner-freebsd-questions@FreeBSD.ORG Mon Mar 12 16:11:41 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0D67316A400 for ; Mon, 12 Mar 2007 16:11:41 +0000 (UTC) (envelope-from marcelo.maraboli@usm.cl) Received: from sith.usm.cl (sith.usm.cl [200.1.21.112]) by mx1.freebsd.org (Postfix) with ESMTP id 6B75913C455 for ; Mon, 12 Mar 2007 16:11:40 +0000 (UTC) (envelope-from marcelo.maraboli@usm.cl) Received: from jedi.usm.cl (jedi.usm.cl [200.1.21.110]) by sith.usm.cl (8.13.5/8.13.5) with ESMTP id l2CG12Ih030643; Mon, 12 Mar 2007 12:01:02 -0400 (CLT) (envelope-from marcelo.maraboli@usm.cl) Received: from [200.1.21.50] (pucon.dcsc.utfsm.cl [200.1.21.50]) (user=marcelo.maraboli mech=PLAIN bits=0) by jedi.usm.cl (8.13.4/8.13.4) with ESMTP id l2CG0xU9069241 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 12 Mar 2007 12:01:01 -0400 (CLT) (envelope-from marcelo.maraboli@usm.cl) Message-ID: <45F57936.3030601@usm.cl> Date: Mon, 12 Mar 2007 12:00:54 -0400 From: Marcelo Maraboli User-Agent: Thunderbird 1.5.0.10 (Windows/20070221) MIME-Version: 1.0 To: John L References: <20070311200829.31802.qmail@simone.iecc.com> <0AC225E6-E55D-4C20-9A00-2EDD95985848@shire.net> <20070311165028.S44863@simone.iecc.com> In-Reply-To: <20070311165028.S44863@simone.iecc.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Flag: NO X-Scanned-By: milter-spamc/0.25.321 (sith.usm.cl. [200.1.21.112]); Mon, 12 Mar 2007 12:01:08 -0400 X-Spam-Status: NO, hits=-4.50 required=3.00 X-Spam-Level: X-Virus-Scanned: ClamAV 0.88.2/2823/Mon Mar 12 05:55:20 2007 on sith.usm.cl X-Virus-Status: Clean Cc: freebsd-questions@freebsd.org, "Chad Leigh -- Shire.Net LLC" Subject: Re: Tool for validating sender address as spam-fighting technique? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2007 16:11:41 -0000 John L wrote: >> I phrased it wrong. You are not responsible for the content, but you >> are responsible for the mail domain and that includes verifying that >> mail is validly from your domain you are responsible for. > > Oh, OK. So if someone sends pump and dump with a chad@shire.net return > address, and I do a callback and your MTA says "yup! that's a 100% valid > address!" then I turn you in to the SEC, rignt? You have now confirmed > that the mail is from you, after all. Or if you haven't, what purpose > did the callback serve? > > There is some reasonable validation technology coming along, most > notably DKIM which which I presume you are familiar. But callbacks are > not it. > I agree..... callbacks are not enough, you can reach a false conclusion, thatīs why I use SPF along with callbacks... on the same message, my MX concludes: "you are sending email "from chad@shire.net", but shire.net says YOUR IP address is not allowed to send email on behalf of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject regards, -- MSc. Marcelo Maraboli Rosselott Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer) Ingeniero Civil Electronico, CISSP (Electronic Engineer, CISSP, MSc.) Direccion Central de Servicios Computacionales (DCSC) Universidad Tecnica Federico Santa Maria phone: +56 32 2654071 Chile. http://www.usm.cl http://elqui.dcsc.utfsm.cl