Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Chad Leigh
Datum:  
To: Dean Brooks
CC: exim-users
Betreff: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive

On Oct 17, 2006, at 6:30 PM, Dean Brooks wrote:

> On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote:
>>>>>>> "Renaud" == Renaud Allard <renaud@???> writes:
>>
>> Renaud> In a perfect world we would need neither callouts neither
>> Renaud> blacklists as people wouldn't send spam in the first
>> Renaud> place. But we are not in a perfect world.
>>
>> Trying to block spam by using other people's resources without
>> permission is just as bad as sending spam.
>
> Just throwing in my opinion here, but I totally agree with Andrew on
> this one. Sender verification callouts without first ensuring the
> sender is sourcing from an authorized host (via SPF or other means) is
> essentially as bad as spamming. Those callouts are using resources
> that provide no benefit to the owner of the resources being used.


Yes they do provide benefit. They prevent prevent full-fledged DSNs
in some cases.

And when you advertise an MX record, ie, make yourself responsible to
the world for a specific email address, you are also volunteering to
guarantee that the address is a real address. You cannot have your
cake and eat it too.

>
> Anyone who has run a very active mail server will tell you that
> callouts can use *enormous* amounts of resources if amplified
> appropriately. Denial of service would be very easy with only a few
> sites doing callbacks and an agressive forger. The only reason this
> doesn't happen more often is very few sites use callouts (thankfully).
>
> People who use callouts should not complain if they end up getting
> blocked. If you use my server resources in a transaction where our
> organization or our customers receive no benefit, then you are
> commiting essentially the same ethical (if not legal) crime as a
> spammer.


No, that is not true. You are missing the point that you have
volunteered to be responsible for that email address which includes
proving it is a valid one to people who need to know.

YOU are responsible for what happens with your email address. If you
cannot stop spam users from forging it, then you have to provide a
means to verify if it is a legit address and do all you reasonable
can to protect people from mis-use. That is part of the social
compact of the internet.

Chad

---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net