Author: David Ward Date: To: exim-users Subject: Re: [exim] UCEPROTECT Blacklists and why callouts are abusive
On 10/18/06, Dave Lugo <dlugo@???> wrote: > RCPT TO callouts are now bearing the burden doing something they
> weren't designed for.
Agreed, but things like SPF/CALLERID/DK/... are not yet to the point
(deployment-wise) where they can take over.
> After hearing of friends' vanity domains being DoS'd by callbacks,
> and seeing similar effects at $dayjob occasionally, I don't think
> they're worth the hassle they can potentially inflict on others. >From my experience the traffic/problems caused by callbacks has been MUCH less than the traffic due to the bounced messages we get when
some spammer decides to use one of our domains as the return address.
We've even had people send messages to our abuse address where we had
to politely tell them that the message did not come from our machine
(and not in the SPF list), and often was not even a valid address on
the domain (although spammers are more often moving to using real
addresses that they have harvested).
To help protect us from this spam-collateral damage we are seriously
looking at having all outbound email get rewritten in an SRS like
fashion.
