Tool for validating sender address as spam-fighting technique?
kris at obsecurity.org
Sun Mar 11 19:46:52 UTC 2007
On Sun, Mar 11, 2007 at 01:43:22PM -0600, Chad Leigh -- Shire.Net LLC wrote:
> On Mar 11, 2007, at 1:36 PM, Kris Kennaway wrote:
> >On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net
> >LLC wrote:
> >>On Mar 11, 2007, at 6:31 AM, Justin Mason wrote:
> >>>for what it's worth, I would suggest *not* adopting this
> >>>as an anti-spam technique.
> >>>Sender-address verification is _bad_ as an anti-spam technique,
> >>>in my
> >>>opinion. Basically, there's one obvious response for spammers
> >>>looking to
> >>>evade it -- use "real" sender addresses. Where's an easy place to
> >>>real addresses? On the list of target addresses they're spamming!
> >>This is a red-herring. They already do that. They have been doing
> >>that for a long time. And it has nothing to do with sender
> >>Sender verification works and works well.
> >I hate sender verification because it forces me (the sender) to jump
> >through hoops just for the privilege of sending email to you.
> No, it forces you to set up a correct RFC abiding system
> >I send
> >a lot of "courtesy" emails to e.g. port maintainers who have problems
> >with their ports, and when I encounter someone with such a system I
> >usually don't bother following up (their port just gets marked broken
> >in the usual way, and they can follow up on it on their own if they
> >want to).
> If your system is following the RFCs then you should have no
> problems. YOU should fix your broken system. Sending emails without
> a valid from address is disconsiderate. Why should I accept a mail
> from an account that violates the RFCs about accepting DSN back?
Perhaps we are talking about different things, I am talking about
systems which send me an email back requiring me to do steps a, b or c
in order to complete delivery of the email.
More information about the freebsd-questions