Re: [exim] Fighting DEA providers

Hi,

On Tue, Jun 3, 2014 at 6:26 PM, Graeme Fowler <graeme@???> wrote:

>> Is there any specific MTA way of dealing with DAE providers?
>
> I can't think of one that's specific to the problem, no. Without any
> specific machine knowledge of a remote domain, how do we (that's a
> rhetorical "we") know that the addresses originating in that domain are
> "disposable"?

I suppose this would go back to the DNSBL. But unless there is one
already, this is still a recto-active manner to do things as it will
take time for the databases to build up. I am currently looking in
all eagerness however. Perhaps starting one up wouldn't be such a bad
idea as a mid to long term project.


> I'd look at another route - like making the signup process have some
> other identifier which is less likely to be throwaway, such as a credit
> card verification or PIN-via-SMS to a specified phone number which you
> can correlate multiple signups against. It'll cost you a bit more, but
> it may bring in more revenue (or prevent loss of revenue via the methods
> you described).

We currently do SMS verification yes - whilst the costs aren't
prohibitive, we are battling with SMS delivery, especially in the US.
There was some laws past a few years ago in the US which makes it
rather difficult for non US numbers to send SMSes into the country for
spam reasons. SMS and Credit card's aren't 100% fail safe either just
so BTW - there are a few places on the net where you can get a
temporary number and receive a SMS via the web (similar to DEA
emails). Credit card numbers can be generated too.


--

Regards,
Chris Knipe