Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Top Page
Delete this message
Reply to this message
Author: Marc Sherman
Date:  
To: exim-users
Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
Chad Leigh -- Shire.Net LLC wrote:
>
> Yes it is. If someone provides email services, they accept the
> responsibility for that email address and accept responsibility for
> their servers being set up according to RFCs. If a provider supports
> email addresss foo@??? then part of that support is to verify
> that the address is a valid address.


Um, no. The RFC explicitly allows for sites refusing to support address
verification. See RFC2821, section 7.3. The RFC-blessed mechanism for
address verification is the VRFY command, and sites are perfectly within
their rights to return 252 (ie: VRFY not allowed) for all VRFY requests.
Using RCPT TO: to hack verification on a server that has made a policy
decision to disable VRFY is an abuse.

- Marc