Tool for validating sender address as spam-fighting technique?
cswiger at mac.com
Wed Mar 14 18:07:27 UTC 2007
On Mar 13, 2007, at 8:37 PM, Chad Leigh -- Shire.Net LLC wrote:
>>> Address verification callbacks take various forms, but the way
>>> exim does it by default is to attempt to start a DSN delivery to
>>> the address and if the RCPT TO is accepted it is affirmative. It
>>> is not usually use VRFY. Most address verification is done by
>>> attempting to start some sort of delivery to the address.
>> I'm assuming that DSN is Delivery Service Notification
>> or return receipt.
Most callback systems either try to do a DSN or they try to do a
delivery (SMTP RCPT TO) and then quit before sending a message body
via DATA; they do not depend on the SMTP VRFY command as that is
commonly blocked or configured to return a generic "I don't know
whether the address is valid".
>> If it is or if it somehow relies on the ability to deliver a
>> message via smtp to *@example.com then I don't see how it prevents
> If the mail says it is from chris at vindaloo.com but I cannot send a
> DSN to chris at vindaloo.com then the account is most likely bogus
> sender and is refused. It works wonders for spam.
> DSN has a specific definition -- look in the RFCs as I don't
> remember which RFC it is offhand. But you are supposed to always
> accept a DSN from <> as part of the RFCs
Supporting bounce messages from <> was part of the original
RFC-821/822 specs. The fancier three-digit codes and canonical DSN
format was specified somewhat later, but I believe that the updated
SMTP RFCs, 2821/2822 include it.
More information about the freebsd-questions