Author: Ian Eiloart Date: To: Stuart Gall, Dean Brooks CC: exim-users Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
--On 18 October 2006 14:45:07 +0300 Stuart Gall <stuart@???> wrote:
>
>> Just throwing in my opinion here, but I totally agree with Andrew on
>> this one. Sender verification callouts without first ensuring the
>> sender is sourcing from an authorized host (via SPF or other means) is
>> essentially as bad as spamming. Those callouts are using resources
>> that provide no benefit to the owner of the resources being used.
>
> SPF is fairly useless, most companies will have employees traveling
> and using different SMTP servers. I use smtp auth for all my clients
> but even then I have come across hotels that have installed
> transparent SMTP proxies and so the user has to turn smtp auth off
> and use the hotels SMTP server.
>
Yes, but that's what RFC 4409 is for. We don't currently publish SPF
records, but we don't accept email from our own domain unless it was
originally submitted to our MSA server. The policy is almost 100% effective
at keeping internal email (from and to local domains) spam free, and I've
not had many queries about it (though I did for a year or so after
implementation).
