Tool for validating sender address as spam-fighting technique?
chris at vindaloo.com
Thu Mar 15 04:25:35 UTC 2007
Chuck Swiger wrote:
> On Mar 13, 2007, at 8:37 PM, Chad Leigh -- Shire.Net LLC wrote:
>>>> Address verification callbacks take various forms, but the way exim
>>>> does it by default is to attempt to start a DSN delivery to the
>>>> address and if the RCPT TO is accepted it is affirmative. It is not
>>>> usually use VRFY. Most address verification is done by attempting
>>>> to start some sort of delivery to the address.
>>> I'm assuming that DSN is Delivery Service Notification
>>> or return receipt.
> Most callback systems either try to do a DSN or they try to do a
> delivery (SMTP RCPT TO) and then quit before sending a message body via
> DATA; they do not depend on the SMTP VRFY command as that is commonly
> blocked or configured to return a generic "I don't know whether the
> address is valid".
>>> If it is or if it somehow relies on the ability to deliver a message
>>> via smtp to *@example.com then I don't see how it prevents spam.
>> If the mail says it is from chris at vindaloo.com but I cannot send a DSN
>> to chris at vindaloo.com then the account is most likely bogus sender and
>> is refused. It works wonders for spam.
>> DSN has a specific definition -- look in the RFCs as I don't remember
>> which RFC it is offhand. But you are supposed to always accept a DSN
>> from <> as part of the RFCs
> Supporting bounce messages from <> was part of the original RFC-821/822
> specs. The fancier three-digit codes and canonical DSN format was
> specified somewhat later, but I believe that the updated SMTP RFCs,
> 2821/2822 include it.
I just skimmed one of the RFC's to see how this works and it looks like
there's some provision for relaying the answer to the right server. I
think I misunderstood how it worked and made an incorrect assumption.
I assumed that it would not be able to figure out that
curry at vindaloo.com is not a valid address given that the worlds primary
MX did not know the details of my internal addressing structure until I
implemented greylisting last October. It looks like an interesting
technique for validating email. I'll have to figure out if I can add it
to the stack of things that I do for spam prevention.
__o "All I was doing was trying to get home from work."
_`\<,_ -Rosa Parks
Christopher Sean Hilton <chris | at | vindaloo.com>
pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
More information about the freebsd-questions