From owner-freebsd-questions@FreeBSD.ORG Sun Mar 11 20:55:23 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C417916A400 for ; Sun, 11 Mar 2007 20:55:23 +0000 (UTC) (envelope-from prvs=johnl=0583ff2bdd@iecc.com) Received: from gal.iecc.com (gal.iecc.com [208.31.42.53]) by mx1.freebsd.org (Postfix) with ESMTP id 4299B13C45A for ; Sun, 11 Mar 2007 20:55:23 +0000 (UTC) (envelope-from prvs=johnl=0583ff2bdd@iecc.com) Received: (qmail 6422 invoked from network); 11 Mar 2007 20:55:22 -0000 Received: from simone.iecc.com (208.31.42.47) by mail1.iecc.com with QMQP; 11 Mar 2007 20:55:22 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 11 Mar 2007 20:55:22 -0000 Date: Sun, 11 Mar 2007 16:55:21 -0400 (EDT) From: John L To: "Chad Leigh -- Shire.Net LLC" In-Reply-To: <0AC225E6-E55D-4C20-9A00-2EDD95985848@shire.net> Message-ID: <20070311165028.S44863@simone.iecc.com> References: <20070311200829.31802.qmail@simone.iecc.com> <0AC225E6-E55D-4C20-9A00-2EDD95985848@shire.net> Cleverness: None detected MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-questions@freebsd.org Subject: Re: Tool for validating sender address as spam-fighting technique? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2007 20:55:23 -0000 > I phrased it wrong. You are not responsible for the content, but you are > responsible for the mail domain and that includes verifying that mail is > validly from your domain you are responsible for. Oh, OK. So if someone sends pump and dump with a chad@shire.net return address, and I do a callback and your MTA says "yup! that's a 100% valid address!" then I turn you in to the SEC, rignt? You have now confirmed that the mail is from you, after all. Or if you haven't, what purpose did the callback serve? There is some reasonable validation technology coming along, most notably DKIM which which I presume you are familiar. But callbacks are not it. > and you are breaking the RFCs. (valid verification includes checking that > the sender can accept a proper DSN back, which is required of the sender to > do). Uh huh. Which RFC is this that says I have to permit a fake partial DSN transaction? If you have a DSN, send it. If you don't, don't. Don't forget that the From: line address need not be the same as the bounce address; in my mail it never is. R's, John