Tool for validating sender address as spam-fighting technique?

Chad Leigh -- Shire.Net LLC chad at shire.net
Sun Mar 11 20:00:13 UTC 2007 

On Mar 11, 2007, at 1:46 PM, Kris Kennaway wrote:

> On Sun, Mar 11, 2007 at 01:43:22PM -0600, Chad Leigh -- Shire.Net  
> LLC wrote:
>>
>> On Mar 11, 2007, at 1:36 PM, Kris Kennaway wrote:
>>
>>> On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net
>>> LLC wrote:
>>>>
>>>> On Mar 11, 2007, at 6:31 AM, Justin Mason wrote:
>>>>
>>>>>
>>>>> for what it's worth, I would suggest *not* adopting this
>>>>> as an anti-spam technique.
>>>>>
>>>>> Sender-address verification is _bad_ as an anti-spam technique,
>>>>> in my
>>>>> opinion.  Basically, there's one obvious response for spammers
>>>>> looking to
>>>>> evade it -- use "real" sender addresses. Where's an easy place to
>>>>> find
>>>>> real addresses? On the list of target addresses they're spamming!
>>>>
>>>> This is a red-herring.  They already do that.  They have been doing
>>>> that for a long time.  And it has nothing to do with sender
>>>> verification.
>>>>
>>>> Sender verification works and works well.
>>>
>>> I hate sender verification because it forces me (the sender) to jump
>>> through hoops just for the privilege of sending email to you.
>>
>> No, it forces you to set up a correct RFC abiding system
>>
>>> I send
>>> a lot of "courtesy" emails to e.g. port maintainers who have  
>>> problems
>>> with their ports, and when I encounter someone with such a system I
>>> usually don't bother following up (their port just gets marked  
>>> broken
>>> in the usual way, and they can follow up on it on their own if they
>>> want to).
>>
>> If your system is following the RFCs then you should have no
>> problems.  YOU should fix your broken system.  Sending emails without
>> a valid from address is disconsiderate.  Why should I accept a mail
>> from an account that violates the RFCs about accepting DSN back?
>
> Perhaps we are talking about different things, I am talking about
> systems which send me an email back requiring me to do steps a, b or c
> in order to complete delivery of the email.

No, we are talking about the MTA verifying that the sender address is  
a real address that can accept either mail back or at least a  
properly formatted DSN back.

The things you talk about ARE a PITA and I usually ignore them unless  
the person is wanting to give me money...  (Ie a customer who placed  
an order with another business I run for example).

Chad

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net

More information about the freebsd-questions mailing list