Tool for validating sender address as spam-fighting technique?
prandal at herefordshire.gov.uk
Sat Mar 10 23:44:09 UTC 2007
smf-sav is one sendmail milter which does this:
SAV v1.3.0 - console utility for e-Mail Sender Address Verification
(also at http://smfs.sf.net/ )
From: Kelly Jones [mailto:kelly.terry.jones at gmail.com]
Sent: 10 March 2007 19:28
To: freebsd-questions at freebsd.org; users at spamassassin.apache.org;
linuxusersgroup at googlegroups.com; nmlug at nmlug.org;
nmosug-l at mailman.swcp.com
Subject: Tool for validating sender address as spam-fighting technique?
To fight spam, I want to validate the address (not necessarily in
real-time) of a given email sender. Is there a Unix tool that does
The basics are simple: to validate "kmnyqi at wnonline.net", I connect to
the MX record of wnonline.net and go as far as "RCPT TO" as follows:
> host -t mx wnonline.net
wnonline.net mail is handled by 5 wnspf.bayou.com.
> telnet wnspf.bayou.com. 25
Connected to wnspf.bayou.com..
Escape character is '^]'.
220 Welcome to Bayou mxfilter
MAIL FROM: <test at ignoreme.com>
RCPT TO: <kmnyqi at wnonline.net>
550 <kmnyqi at wnonline.net>: Recipient address rejected: 5.1.1
<kmnyqi at wnonline.net>... User unknown
Connection closed by foreign host.
This tells me kmnyqi at wnonline.net is an invalid address and that mail
from that address is probably bogus.
A more sophisticated tool would cache results, handle temporary
failures (eg, inability to connect to the MX server), handle multiple
MX records, perhaps even publish results [carefully, to avoid giving
spammers a source of legit email addresses!], etc. Plus, I'd prefer to
use a tested tool vs hacking something up myself.
I realize this technique is far from perfect:
Spammers spoof legit addresses
Bounces/Mailing lists/etc legitimately use "do not reply" addresses
It could be considered unfriendly to the target MX servers
Some mail servers incorrectly say "user unknown" when they see spam,
figuring it's more of a deterrent than saying "you're a spammer"
Some mail servers inefficiently accept mail for "foo at xxx.com" (where
xxx.com is one of their domains), figure out if foo exists later, and
send a bounce back to the envelope sender, instead of rejecting email
at the SMTP level (a really good tool would create throwaway addresses
to catch these cases too)
... but I still think it might help.
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.
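An added example, not part of either post and not smf-sav's code: a sketch of the "more sophisticated tool" the quoted message asks for, which tries each MX in preference order, treats connection failures and 4xx replies as temporary, and caches verdicts. The MX list is assumed to be looked up by the caller; the cache lifetimes, the null envelope sender and the example.net hosts are assumptions made for illustration.

```python
import smtplib
import time

VALID, INVALID, TEMPFAIL = "valid", "invalid", "tempfail"
TTL = {VALID: 86400, INVALID: 86400, TEMPFAIL: 900}  # assumed cache lifetimes (s)

def smtp_probe(mx_host, address, mail_from=""):
    """Go as far as RCPT TO, then QUIT; return the RCPT reply code."""
    with smtplib.SMTP(mx_host, 25, timeout=10) as s:
        s.helo()
        code, msg = s.mail(mail_from)      # "" goes out as the null sender <>
        if code != 250:                    # says nothing about the recipient
            raise smtplib.SMTPSenderRefused(code, msg, mail_from)
        return s.rcpt(address)[0]

def classify(code):
    if 200 <= code < 300:
        return VALID
    if 500 <= code < 600:
        return INVALID
    return TEMPFAIL                        # 4xx or anything unexpected

class SenderVerifier:
    def __init__(self, probe=smtp_probe, clock=time.time):
        self.probe, self.clock, self.cache = probe, clock, {}

    def verify(self, address, mx_records):
        """mx_records: [(preference, host), ...], already looked up in DNS."""
        hit = self.cache.get(address)
        if hit and hit[1] > self.clock():
            return hit[0]
        verdict = TEMPFAIL                 # no MX answered: retry later
        for _, host in sorted(mx_records):
            try:
                verdict = classify(self.probe(host, address))
            except OSError:                # refused, timeout, SMTP errors
                continue
            if verdict != TEMPFAIL:
                break                      # definite answer, stop probing
        self.cache[address] = (verdict, self.clock() + TTL[verdict])
        return verdict

if __name__ == "__main__":
    def fake(host, addr):                  # constructed replies, no network
        if host == "mx1.example.net":
            raise ConnectionRefusedError
        return 550
    mx = [(10, "mx2.example.net"), (5, "mx1.example.net")]
    print(SenderVerifier(probe=fake).verify("nobody@example.net", mx))
```

Given the caveats listed in the quoted message, an "invalid" verdict is better used as one scoring input than as grounds for outright rejection.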