Re: [exim] Fighting DEA providers

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Graeme Fowler
Date:  
À: Chris Knipe
CC: exim-users
Sujet: Re: [exim] Fighting DEA providers
On Tue, 2014-06-03 at 18:13 +0200, Chris Knipe wrote:
> We have a subscription service where users can sign up and receive
> free access, prior to having to subscribe. Allot of users, are
> signing up with DEA based email addresses, thus gaining access and
> more than a single free trial - which is far from ideal for us.


Presumably you mean they're signing up with "disposable" email
addresses...

> Is there any specific MTA way of dealing with DAE providers?


I can't think of one that's specific to the problem, no. Without any
specific machine knowledge of a remote domain, how do we (that's a
rhetorical "we") know that the addresses originating in that domain are
"disposable"?

What's to stop someone simply using address001@gmail, address002@gmail
and so on? How would you determine those to be "disposable" (or
otherwise), given that they're within a massive email domain which
categorically isn't intended to be used like that?

Personally I can't think of a DNSBL (don't use RBL, it's a trademark!)
that maps 1:1 onto "disposable" email domains. I'm not saying there
isn't one, though - and if there was, that's your answer.

I'd look at another route - like making the signup process have some
other identifier which is less likely to be throwaway, such as a credit
card verification or PIN-via-SMS to a specified phone number which you
can correlate multiple signups against. It'll cost you a bit more, but
it may bring in more revenue (or prevent loss of revenue via the methods
you described).

Graeme