Tool for validating sender address as spam-fighting technique?
Christopher Sean Hilton
chris at vindaloo.com
Wed Mar 14 00:27:46 UTC 2007
On Mon, 2007-03-12 at 12:00 -0400, Marcelo Maraboli wrote:
>
> I agree..... callbacks are not enough, you can reach a
> false conclusion, that´s why I use SPF along with callbacks...
>
> on the same message, my MX concludes:
>
> "you are sending email "from chad at shire.net", but shire.net
> says YOUR IP address is not allowed to send email on behalf
> of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject
>
> regards,
>
I'm not sure what you mean by callbacks but if that involves talking to
mx.example.com and trying to figure out if cmdr.sinclair at example.com is
a valid address go ahead. I would consider a mailserver that answers
that question a security risk as it is freely giving away information
about your domain without notifying you. For a long time my mx servers
would answer any such question in the affirmative regardless of whether
or not the mail account existed.
As the above poster says SPF is the way to go. SPF gives the receiving
MTA a mechanism to vet inbound mail. For any combination of <mail
server> and <from address/from domain> there are three possible results
from an SPF check: The server is allowed to send mail for the domain;
The server is not allowed to send mail for the domain; And I cannot tell
because the owner of the domain hasn't published an SPF record. The only
problem with SPF is that it's not more widely implemented so the third
response is sadly more common than the first two.
-- Chris
More information about the freebsd-questions
mailing list