Alan J. Flavell wrote:
> I hope I made it plain enough that I was speaking more in hypothetical
> terms, without actually advocating it as a long-term solution. As I
> said, I really don't believe that widespread deployment of callouts is
even on a limited basis - we found it tough / useless to scale on our
systems, as it was holding up just too much legitimate email
verizon tried the right way to do callouts not quite long back and had
to adopt their nonstandard way just because there are too many people
out there who reject MAIL FROM:<> for one reason or another (we've been
known to temporarily turn off MAIL FROM:<> for particular domains when
they're being heavily dictionary attacked)
anyway - as long as it works for you, and as long as you do stuff to
minimize the number of callouts, like you do -
1. apply lots of other filters first (helo filters, dnsbls etc)
2. cache callout data
you should be good to go, for as long as callouts remain an effective
method.
spammers are already publishing spf records for their throwaway domains
primarily so that they can get set up with feedback loops on AOL I
guess, though this does help them avoid spf check failures - feedback
loops make the spam they send to AOL stick out like a sore thumb, and
the loop means that AOL knows what their IPs are.
so no reason why they wont adapt quite fast to these by setting up a
smtpsink sort of thing that accepts all email, shunts it to /dev/null
and spits back a 250 ok.
suresh
