Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Dean Brooks
Date:  
À: exim-users
Sujet: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote:
> >>>>> "Renaud" == Renaud Allard <renaud@???> writes:
>
> Renaud> In a perfect world we would need neither callouts neither
> Renaud> blacklists as people wouldn't send spam in the first
> Renaud> place. But we are not in a perfect world.
>
> Trying to block spam by using other people's resources without
> permission is just as bad as sending spam.


Just throwing in my opinion here, but I totally agree with Andrew on
this one. Sender verification callouts without first ensuring the
sender is sourcing from an authorized host (via SPF or other means) is
essentially as bad as spamming. Those callouts are using resources
that provide no benefit to the owner of the resources being used.

Anyone who has run a very active mail server will tell you that
callouts can use *enormous* amounts of resources if amplified
appropriately. Denial of service would be very easy with only a few
sites doing callbacks and an agressive forger. The only reason this
doesn't happen more often is very few sites use callouts (thankfully).

People who use callouts should not complain if they end up getting
blocked. If you use my server resources in a transaction where our
organization or our customers receive no benefit, then you are
commiting essentially the same ethical (if not legal) crime as a spammer.

The opinions of callouts will vary widely, I'm sure, but I think you'll
find a less favorable opinion from admins who run ISP or large corporate
mail servers.

--
Dean Brooks
dean@???