Rick Cooper wrote:
>
>
>
>> -----Original Message-----
>> From: exim-users-bounces@???
>> [mailto:exim-users-bounces@exim.org] On Behalf Of Johann Steigenberger
>> Sent: Monday, April 23, 2007 7:31 PM
>> To: exim-users@???
>> Subject: [exim] UCEPROTECT, APEWS and the truth about Marc Perkel
>>
>> Hi all,
>> sorry to bug you with this thread, but we want to give you a
>> statement
>> after all those lies we have seen here by Marc Perkel here after he
>> has started the thread: Who is APEWS?
>>
>>
> [...]
>
>
> I just had a joe-job spam incident against one of our domains and let me
> tell you I would MUCH prefer a million verification attempts to the
> thousands of freaking postmaster bounces that include a portion of the
> original email. See, in a prefect world every server that received the email
> would have checked our spf records that list every conceivable host that
> does/might deliver mail for our domain(s) and hard fails everything else.
> It's not a prefect world and I got thousands of bounces (why did they accept
> them in the first place) and "spam returns" that end up costing FAR more
> since they end up being passed on the SpamAssassin and the virus checking
> routines. We don't spam check or virus test verification attempts believe it
> or not. The truth is sender verification should be the last test on the list
> but it is valid, or acceptable for me on BOTH sides of the connection. Until
> someone decides it's time to expand the protocol, or better yet design a
> system that operates like DNS but has only the purpose of validating hosts
> and users, this is a better tool. If a message makes it past all our other
> tests to sender validation then we do verify the sender, and I must admit we
> don't catch as many forged addresses as we did two years ago, but I think if
> everyone stopped SAV the problem would return at an even heavier rate as
> before.
>
>
Rick, I'm totally in agreement with you on this one. In fact I try to
keep my servers as SAV friendly as possible because I've noticed that
spammers don't spoof domains where the hosting servers are SAV friendly.
Spammers tend to pick domains that use wildcard email addresses you fail
to return good verification information because the spammer knows they
will be caught.
And - like you said, a verification connection creates far less overhead
than dealing with bounce messages. It is an effective tool to keep
spammers from making up fake email addresses.
And - I'm with you on the idea of using some kind of DNS verification to
determine if the sender is good. I'd love to hear ideas as to how to
make that happen.