Re: [Exim] yahoo.com makes callout senderverify unusable!?

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Matthew Byng-Maddick
Ημερομηνία:  
Προς: Kevin Reed
Υ/ο: exim-users
Αντικείμενο: Re: [Exim] yahoo.com makes callout senderverify unusable!?
On Thu, Dec 04, 2003 at 08:51:33AM -0700, Kevin Reed wrote:
> Matthew Byng-Maddick said:
> > deny all yahoo.* messages where the HELO (which must contain .yahoo.) does
> > not resolve to the IP address of the peer SMTP.
> >
> > That will cut down a fair amount
> The problem with that is that you will then reject legit email.


I'm not too happy with the example below, nor any other example of where
you might send out a freemail address not from that freemail service.

> Example: A seller on Ebay will use a free account like yahoo, msn,
> hotmail as their mail address, but will send mail via Ebay's mail system.


Why do they need to use Ebay's mail system? (I'm not that familiar with
Ebay...), (note that this would break under an SPF-alike).

> Now are you going to reject a message because it came from Ebay but has a
> Yahoo address?? If you do, how are you going to communicate with them?


Ask them to use their yahoo account? After all, they're going to be
receiving the mail there, not at Ebay, why must they send it from there?

> However, if the incoming message does a HELO with yahoo.com or any of the
> others and the host is not a yahoo.com or respective host, they are just
> plain lying about the connection, and stopping those will stop a lot of
> spam.


Agreed.

> Other spam rules will catch most of the other.


Not necessarily.

> Just denying all yahoo, msn, hotmail etc... is lose you real email...


I never suggested this.

> A lot of people use the free accounts as a way to defeat them from getting
> spam. They switch accounts when the spam level gets too high.


I'm aware of this. I don't believe it works, though I'm sure those people
who do it feel it works well enough for them. This, to me, is the equivalent
of accepting that your computer is going to crash etc.

My point was that I'm happy to accept the freemail, provided that it came
through that freemail's systems. What I'm not happy to accept is freemail
addresses coming from random hosts on the internet. If you can't account
for yourself then I don't think I should have to deal with your mail.

I think, out of all of this, that I'd disagree with the term "legitimate".
As far as I'm concerned, Ebay is spoofing email addresses. I don't care
that it's a big corporate, that's what they're doing. I don't think that's
a good precedent to set. By spoofing email addresses (whether it's real
mail or not) they are making themselves "illegitimate".

YMMV, of course

MBM

--
Matthew Byng-Maddick         <mbm@???>           http://colondot.net/