Tool for validating sender address as spam-fighting technique?

Kris Kennaway kris at obsecurity.org
Sun Mar 11 19:36:10 UTC 2007


On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net LLC wrote:
> 
> On Mar 11, 2007, at 6:31 AM, Justin Mason wrote:
> 
> >
> >for what it's worth, I would suggest *not* adopting this
> >as an anti-spam technique.
> >
> >Sender-address verification is _bad_ as an anti-spam technique, in my
> >opinion.  Basically, there's one obvious response for spammers  
> >looking to
> >evade it -- use "real" sender addresses. Where's an easy place to find
> >real addresses? On the list of target addresses they're spamming!
> 
> This is a red-herring.  They already do that.  They have been doing  
> that for a long time.  And it has nothing to do with sender  
> verification.
> 
> Sender verification works and works well.

I hate sender verification because it forces me (the sender) to jump
through hoops just for the privilege of sending email to you.  I send
a lot of "courtesy" emails to e.g. port maintainers who have problems
with their ports, and when I encounter someone with such a system I
usually don't bother following up (their port just gets marked broken
in the usual way, and they can follow up on it on their own if they
want to).

Kris


More information about the freebsd-questions mailing list