Tool for validating sender address as spam-fighting technique?

Justin Mason jm at
Sun Mar 11 13:02:37 UTC 2007

for what it's worth, I would suggest *not* adopting this
as an anti-spam technique.

Sender-address verification is _bad_ as an anti-spam technique, in my
opinion.  Basically, there's one obvious response for spammers looking to
evade it -- use "real" sender addresses. Where's an easy place to find
real addresses? On the list of target addresses they're spamming!

Hence, the spam recipients now get twice as much mail from each spam run
-- spam aimed at them, *and* bounce blowback from hundreds of spams aimed
at others, forged to appear to be from them.  It's the obvious response to
SAV, which is one reason why we never implemented something like that in


Kelly Jones writes:
> To fight spam, I want to validate the address (not necessarily in
> real-time) of the a given email sender. Is there a Unix tool that does
> this?
> The basics are simple: to validate "kmnyqi at", I connect to
> the MX record of and go as far as "RCPT TO" as follows:
> > host -t mx
> mail is handled by 5
> > telnet 25
> Trying
> Connected to
> Escape character is '^]'.
> 220 Welcome to Bayou mxfilter
> 250
> MAIL FROM: <test at>
> 250 Ok
> RCPT TO: <kmnyqi at>
> 550 <kmnyqi at>: Recipient address rejected: 5.1.1
> <kmnyqi at>... User unknown
> 221 Bye
> Connection closed by foreign host.
> This tells me kmnyqi at is an invalid address and that mail
> from that address is probably bogus.
> A more sophisticated tool would cache results, handle temporary
> failures (eg, inability to connect to the MX server), handle multiple
> MX records, perhaps even publish results [carefully, to avoid giving
> spammers a source of legit email addresses!], etc. Plus, I'd prefer to
> use a tested tool vs hacking something up myself.
> I realize this technique is far from perfect:
> Spammers spoof legit addresses
> Bounces/Mailing lists/etc legitimately use "do not reply" addresses
> It could be considered unfriendly to the target MX servers
> Some mail servers incorrectly say "user unknown" when they see spam,
> figuring it's more of a deterrent than saying "you're a spammer"
> Some mail servers inefficiently accept mail for "foo at" (where
> is one of their domains), figure out if foo exists later, and
> send a bounce back to the envelope sender, instead of rejecting email
> at the SMTP level (a really good tool would create throwaway addresses
> to catch these cases too)
> ... but I still think it might help.
> -- 
> We're just a Bunch Of Regular Guys, a collective group that's trying
> to understand and assimilate technology. We feel that resistance to
> new ideas and technology is unwise and ultimately futile.

More information about the freebsd-questions mailing list