Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andrew - Supernews
Date:  
À: exim users
Sujet: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
>>>>> "David" == David Saez Padros <david@???> writes:

>> But you're forcing me to devote _my_ resources to protecting
>> _your_ network. How is this not abusive?


David> First, i'm not only protecting my network, i'm also protecting
David> your domain from people who try to send email on your's domain
David> behalf to my users.

Did I ask you to do this?

David> and you are missing one very important point, current smtp
David> schema is by itself insecure, there is no widely spread way to
David> check that the sender has relaly sent the message.

And callout does NOT HELP THIS AT ALL, since the spammers are quite
happy to use sender addresses that exist.

David> This is a security problem that obviously when solved will
David> imply that the receiver host will try to check the message
David> auhtenticity by connecting to the sender's domain servers
David> (SPF, DKIM, callout, whatever ...) Will you call this abuse ??

DNS has both positive and negative caching with TTLs specified by the
publisher; it is commonly cached in ways that allow sharing of caches
over many servers and users; it's a very lightweight protocol from the
point of view of an authoritative server; it is easily scaled up; the
relevent queries for SPF, DKIM, etc., are per-domain rather than
per-user, and it _exists for the purpose of publishing information
about domains_. None of this is true for SMTP-based callouts.

--
Andrew, Supernews
http://www.supernews.com