Rick Cooper wrote:
>
*snip*
>
> I just had a joe-job spam incident against one of our domains and let me
> tell you I would MUCH prefer a million verification attempts to the
> thousands of freaking postmaster bounces that include a portion of the
> original email. See, in a prefect world every server that received the email
> would have checked our spf records that list every conceivable host that
> does/might deliver mail for our domain(s) and hard fails everything else.
> It's not a prefect world and I got thousands of bounces (why did they accept
> them in the first place) and "spam returns" that end up costing FAR more
> since they end up being passed on the SpamAssassin and the virus checking
> routines. We don't spam check or virus test verification attempts believe it
> or not. The truth is sender verification should be the last test on the list
> but it is valid, or acceptable for me on BOTH sides of the connection. Until
> someone decides it's time to expand the protocol, or better yet design a
> system that operates like DNS but has only the purpose of validating hosts
> and users, this is a better tool. If a message makes it past all our other
> tests to sender validation then we do verify the sender, and I must admit we
> don't catch as many forged addresses as we did two years ago, but I think if
> everyone stopped SAV the problem would return at an even heavier rate as
> before.
>
There are better tools to stop that.
Are you accepting alleged 'bounces'..
- with multiple recipients?
- from dynamic IP?
- that cannot be resolved at all?
- from servers that will not stand up to a brief delay?
- that try to pipeline when you do not advertise it?
- that attempt to forge their origin, or HELO as your own server?
You don't need SAV for any of those tests.....
Or blacklists. Good, bad, or indifferent.
Bill
