Tool for validating sender address as spam-fighting technique?

[Chuck Swiger]

On Mar 13, 2007, at 8:37 PM, Chad Leigh -- Shire.Net LLC wrote:
>>> Address verification callbacks take various forms, but the way  
>>> exim does it by default is to attempt to start a DSN delivery to  
>>> the address and if the RCPT TO is accepted it is affirmative.  It  
>>> is not usually use VRFY.  Most address verification is done by  
>>> attempting to start some sort of delivery to the address.
>>
>> I'm assuming that DSN is Delivery Service Notification
>
> yes
>
>> or return receipt.
>
> mp

Most callback systems either try to do a DSN or they try to do a  
delivery (SMTP RCPT TO) and then quit before sending a message body  
via DATA; they do not depend on the SMTP VRFY command as that is  
commonly blocked or configured to return a generic "I don't know  
whether the address is valid".

>> If it is or if it somehow relies on the ability to deliver a  
>> message via smtp to *@example.com then I don't see how it prevents  
>> spam.
>
> If the mail says it is from chris at vindaloo.com but I cannot send a  
> DSN to chris at vindaloo.com then the account is most likely bogus  
> sender and is refused.  It works wonders for spam.
>
> DSN has a specific definition -- look in the RFCs as I don't  
> remember which RFC it is offhand.  But you are supposed to always  
> accept a DSN from <> as part of the RFCs

Supporting bounce messages from <> was part of the original  
RFC-821/822 specs.  The fancier three-digit codes and canonical DSN  
format was specified somewhat later, but I believe that the updated  
SMTP RFCs, 2821/2822 include it.

-- 
-Chuck