Re: [exim] listed at Backscatterer.org

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Ian Eiloart
CC: exim-users, exim.ml
Subject: Re: [exim] listed at Backscatterer.org
On Mon, 2010-06-28 at 11:48 +0100, Ian Eiloart wrote:
> Well, the backscatter issue means that we have no choice but to try to do
> that. But that's a bad thing. It would be a much better world in which we
> were able to accept such messages, and then generate a bounce. Why? Because
> bounce messages have the potential to be more user-friendly.


Users still won't bother to read them, and will prefer to ask a sysadmin
who will have read the words on the user's screen to them, before the
user actually understands.

> I believe that with improved email authentication (SPF, DKIM, etc), we'll
> one day be able to revive the bounce message.


That's actually one thing that SPF _could_ be useful for. The problem
with using SPF for rejecting mail is that it can only _reliably_ say
either 'yes' and 'don't know'.

It isn't sane to use a 'don't know' answer as a criterion for rejecting
mail -- but it _is_ sane to use a 'yes' answer to decide "it's OK to
accept this mail and then bounce it later if we have to".

FWIW, I wouldn't bother worrying about backscatterer.org. They
deliberately don't distinguish between real backscatter and sender
verification, even though they could easily do so by noting whether the
host attempts to enter the DATA phase or not. Any sane blacklist would
give the user the _choice_ of whether to include hosts that do sender
verification, but backscatterer.org seems to deliberately refuse to do
this in order to promote its owner's religious beliefs about callouts.

I think my hosts are frequently listed, but I've only _once_ noticed it
causing a rejection -- and in that case, the admin of the rejecting mail
server was easily persuaded to stop using backscatterer.org after the
problems with it were explained.

You can't worry about _every_ random blacklist out there run by idiots.

--
dwmw2