Tool for validating sender address as spam-fighting technique?

Kris Kennaway kris at obsecurity.org
Sun Mar 11 19:46:52 UTC 2007


On Sun, Mar 11, 2007 at 01:43:22PM -0600, Chad Leigh -- Shire.Net LLC wrote:
> 
> On Mar 11, 2007, at 1:36 PM, Kris Kennaway wrote:
> 
> >On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net  
> >LLC wrote:
> >>
> >>On Mar 11, 2007, at 6:31 AM, Justin Mason wrote:
> >>
> >>>
> >>>for what it's worth, I would suggest *not* adopting this
> >>>as an anti-spam technique.
> >>>
> >>>Sender-address verification is _bad_ as an anti-spam technique,  
> >>>in my
> >>>opinion.  Basically, there's one obvious response for spammers
> >>>looking to
> >>>evade it -- use "real" sender addresses. Where's an easy place to  
> >>>find
> >>>real addresses? On the list of target addresses they're spamming!
> >>
> >>This is a red-herring.  They already do that.  They have been doing
> >>that for a long time.  And it has nothing to do with sender
> >>verification.
> >>
> >>Sender verification works and works well.
> >
> >I hate sender verification because it forces me (the sender) to jump
> >through hoops just for the privilege of sending email to you.
> 
> No, it forces you to set up a correct RFC abiding system
> 
> >I send
> >a lot of "courtesy" emails to e.g. port maintainers who have problems
> >with their ports, and when I encounter someone with such a system I
> >usually don't bother following up (their port just gets marked broken
> >in the usual way, and they can follow up on it on their own if they
> >want to).
> 
> If your system is following the RFCs then you should have no  
> problems.  YOU should fix your broken system.  Sending emails without  
> a valid from address is disconsiderate.  Why should I accept a mail  
> from an account that violates the RFCs about accepting DSN back?

Perhaps we are talking about different things, I am talking about
systems which send me an email back requiring me to do steps a, b or c
in order to complete delivery of the email.

kris


More information about the freebsd-questions mailing list