Author: Patrice Fournier Date: To: exim-users Subject: Re: [Exim] blocking blank from addresses
First of all, thanks for sharing your thoughts,...
For the record, of the rfc-ignorant lists, I only use dsn.rfc-ignorant.org
as I had problems sending bounces before. And the only other one I'd
consider is postmaster, but I'm not sure about that one yet.
Quoting Matthew Byng-Maddick <exim@???>:
> Their whois.rfc-ignorant.org domain would block out the entire uk.
> domain, and any subdomains of it.
Totally true, and I believe their ipwhois is even worst...
> With the DSN thing, I believe there are sites which track what mails
> have been sent out, and if an envelope sender hasn't sent a mail
> recently, it won't be a valid recipient for even a <>. In the face
> of mail system abuse, it is clear that this is a very grey area.
I don't know of such a system, postmaster's mail should still go through
and if that's how the tests are always run, they wouldn't be listed. Of
course, such a system should ensure that no mail from that domain must be
sent without passing through that system.
> Remember that the tester is not able to test DSNs. The other thing is
> that I run a system which has bait addresses and is designed as
> anti-spam. If you manage to trigger its defences, it will refuse <>
> addresses as well as everything else, and will only receive mail for
> postmaster and a few admin addresses from you.
I know it is suggested on the rfc-ignorant site that the tester should
ensure the reason for reject is because of the MAIL FROM: <> and not
anything else (with posting to postmaster being given as a way to
demonstrate it). As long as the testers do their job correctly and the
listing are genuine, I'll use that zone. But if it becomes corrupted by
false alarm (I've had none so far, but in only over a month of testing), I
will have to change my mind...
> There is no requirement to supply an "abuse" address for every domain,
> which I believe they also ask for, especially for small mail domains,
> maintaining random (non-mandated) addresses seems a bit broken.
There is an RFC which requires it, but AFAIR it never made it to standard
and I don't believe in it either. As long as I can reach someone, being
abuse@ postmaster@ or anything listed in abuse.net's database, I don't
care.
Thanks again,
P.S. Does anyone knows of a site which list detailed informations about
why not to use such and such blacklists so someone could see if he's ok
with those consequences before subscribing to a blacklist? Most of the
blacklists homepage does not provide much helpful information about why
not to use them? (The spews' faq gives a bit of information about a couple
of lists, but no details)