Date: Tue, 13 Mar 2007 21:37:00 -0600 From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> To: Christopher Sean Hilton <chris@vindaloo.com> Cc: Marcelo Maraboli <marcelo.maraboli@usm.cl>, User Questions <freebsd-questions@freebsd.org> Subject: Re: Tool for validating sender address as spam-fighting technique? Message-ID: <F04258F1-B263-4CF1-B3CD-0A58BE9A5C7A@shire.net> In-Reply-To: <45F76C4B.5070905@vindaloo.com> References: <20070311200829.31802.qmail@simone.iecc.com> <0AC225E6-E55D-4C20-9A00-2EDD95985848@shire.net> <20070311165028.S44863@simone.iecc.com> <45F57936.3030601@usm.cl> <1173830431.1588.34.camel@dagobah.vindaloo.com> <30DC016D-CA46-44D1-A12D-00BDD723A71D@shire.net> <45F76C4B.5070905@vindaloo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 13, 2007, at 9:30 PM, Christopher Sean Hilton wrote: > Chad Leigh -- Shire.Net LLC wrote: >> On Mar 13, 2007, at 6:00 PM, Christopher Sean Hilton wrote: >>> On Mon, 2007-03-12 at 12:00 -0400, Marcelo Maraboli wrote: >>> >>>> >>>> I agree..... callbacks are not enough, you can reach a >>>> false conclusion, that=B4s why I use SPF along with callbacks... >>>> >>>> on the same message, my MX concludes: >>>> >>>> "you are sending email "from chad@shire.net", but shire.net >>>> says YOUR IP address is not allowed to send email on behalf >>>> of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject >>>> >>>> regards, >>>> >>> >>> I'm not sure what you mean by callbacks but if that involves =20 >>> talking to >>> mx.example.com and trying to figure out if =20 >>> cmdr.sinclair@example.com is >>> a valid address go ahead. I would consider a mailserver that answers >>> that question a security risk as it is freely giving away =20 >>> information >>> about your domain without notifying you. For a long time my mx =20 >>> servers >>> would answer any such question in the affirmative regardless of =20 >>> whether >>> or not the mail account existed. >> Address verification callbacks take various forms, but the way =20 >> exim does it by default is to attempt to start a DSN delivery to =20 >> the address and if the RCPT TO is accepted it is affirmative. It =20 >> is not usually use VRFY. Most address verification is done by =20 >> attempting to start some sort of delivery to the address. > > I'm assuming that DSN is Delivery Service Notification yes > or return receipt. mp > If it is or if it somehow relies on the ability to deliver a =20 > message via smtp to *@example.com then I don't see how it prevents =20 > spam. If the mail says it is from chris@vindaloo.com but I cannot send a =20 DSN to chris@vindaloo.com then the account is most likely bogus =20 sender and is refused. It works wonders for spam. DSN has a specific definition -- look in the RFCs as I don't remember =20= which RFC it is offhand. But you are supposed to always accept a DSN =20= from <> as part of the RFCs Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F04258F1-B263-4CF1-B3CD-0A58BE9A5C7A>