Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Sep 2007 00:56:43 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Jay Chandler" <lists@sequestered.net>, <freebsd-questions@freebsd.org>
Subject:   RE: SMTP Error from my server?
Message-ID:  <BMEDLGAENEKCJFGODFOCKEGJCAAA.tedm@toybox.placo.com>
In-Reply-To: <46EF206B.90908@sequestered.net>

next in thread | previous in thread | raw e-mail | index | archive | help


> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Jay Chandler
> Sent: Monday, September 17, 2007 5:49 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: SMTP Error from my server?
>
> >
> > This idea works fine for normal email addresses, but fails miserably
> > with certain types of automated email which is not intended for people
> > to reply to, and it also tends to lose out with TDMA
> > (http://tmda.net/).  More importantly, it also fails to work with
> > itself-- other people using "sender verification callouts" cause a
> > loop of failed deliveries, as neither side trusts the other.
> >
> The larger problem as well is that it doesn't scale.  Someone forging a
>  From header out of a botnet could easily DDoS a smaller server
> completely off the net if enough people implemented this system.
>

verizon.net implements this system and they are pretty big.  They put
in checks to the setup to prevent these scenarios from happening.

I don't like these systems myself as a gatekeeper but it isn't true
that these systems
cannot scale.  They can scale fine - at the cost of greatly increased
complexity of the logic in the system.

I will point out that Network Address Translation - a technology
that people take for granted and scale up all the time - has a far worse
increase in complexity (espically in implementations that handle
translation of all the normally not translatable protocols)

I would actually love to see someone implement sender-callback-verification
as a module in Spamassassin, where callback checks could be assigned a
point value.  In other words, failing sender-callback wouldn't automatically
get a message blocked - but failing would increase the point value of the
message
to make it more likely to be considered spam.

> Antispam measures that are in and of themselves abusive aren't generally
> considered to be good ideas.

It all depends on the implementation.  A good implementation of sender
callback is no worse than a good implementation of greylisting, and a
bad implementation of sender callback is as bad as a bad implementation
of greylisting.

Ted




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BMEDLGAENEKCJFGODFOCKEGJCAAA.tedm>