Re: [exim] UCEPROTECT Blacklists and why callouts are abusiv…

Top Page
Delete this message
Reply to this message
Author: Chad Leigh
Date:  
To: exim-users
Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive

On Oct 18, 2006, at 12:11 PM, Marc Sherman wrote:

> Chad Leigh -- Shire.Net LLC wrote:
>>
>> Yes it is. If someone provides email services, they accept the
>> responsibility for that email address and accept responsibility for
>> their servers being set up according to RFCs. If a provider supports
>> email addresss foo@??? then part of that support is to verify
>> that the address is a valid address.
>
> Um, no. The RFC explicitly allows for sites refusing to support
> address
> verification. See RFC2821, section 7.3. The RFC-blessed mechanism for
> address verification is the VRFY command, and sites are perfectly
> within
> their rights to return 252 (ie: VRFY not allowed) for all VRFY
> requests.
> Using RCPT TO: to hack verification on a server that has made a policy
> decision to disable VRFY is an abuse.


7.3 talks about VRFY. Different question. The RFC also says that
they must support receiving DSN back using a null sender. My policy
is to not accept email from domains that do not support receiving a
DSN. That is all that I am checking. See section 4.5.3

Chad

>
> - Marc
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://www.exim.org/eximwiki/


---
Chad Leigh -- Shire.Net LLC
Your Web App and Email hosting provider
chad at shire.net