Author: Marc Sherman Date: To: exim-users Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
Chad Leigh -- Shire.Net LLC wrote: >
> Yes it is. If someone provides email services, they accept the
> responsibility for that email address and accept responsibility for
> their servers being set up according to RFCs. If a provider supports
> email addresss foo@??? then part of that support is to verify
> that the address is a valid address.
Um, no. The RFC explicitly allows for sites refusing to support address
verification. See RFC2821, section 7.3. The RFC-blessed mechanism for
address verification is the VRFY command, and sites are perfectly within
their rights to return 252 (ie: VRFY not allowed) for all VRFY requests.
Using RCPT TO: to hack verification on a server that has made a policy
decision to disable VRFY is an abuse.