Date: Sun, 11 Mar 2007 13:43:22 -0600 From: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> To: Kris Kennaway <kris@obsecurity.org> Cc: Justin Mason <jm@jmason.org>, User Questions <freebsd-questions@freebsd.org> Subject: Re: Tool for validating sender address as spam-fighting technique? Message-ID: <C097EA14-200D-4C1F-B2A8-063B808C1C9E@shire.net> In-Reply-To: <20070311193608.GA92584@xor.obsecurity.org> References: <20070311123142.A326032CD9@radish.jmason.org> <2B018128-F951-41DF-8EFD-123119E9987C@shire.net> <20070311193608.GA92584@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 11, 2007, at 1:36 PM, Kris Kennaway wrote: > On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net > LLC wrote: >> >> On Mar 11, 2007, at 6:31 AM, Justin Mason wrote: >> >>> >>> for what it's worth, I would suggest *not* adopting this >>> as an anti-spam technique. >>> >>> Sender-address verification is _bad_ as an anti-spam technique, >>> in my >>> opinion. Basically, there's one obvious response for spammers >>> looking to >>> evade it -- use "real" sender addresses. Where's an easy place to >>> find >>> real addresses? On the list of target addresses they're spamming! >> >> This is a red-herring. They already do that. They have been doing >> that for a long time. And it has nothing to do with sender >> verification. >> >> Sender verification works and works well. > > I hate sender verification because it forces me (the sender) to jump > through hoops just for the privilege of sending email to you. No, it forces you to set up a correct RFC abiding system > I send > a lot of "courtesy" emails to e.g. port maintainers who have problems > with their ports, and when I encounter someone with such a system I > usually don't bother following up (their port just gets marked broken > in the usual way, and they can follow up on it on their own if they > want to). If your system is following the RFCs then you should have no problems. YOU should fix your broken system. Sending emails without a valid from address is disconsiderate. Why should I accept a mail from an account that violates the RFCs about accepting DSN back? Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C097EA14-200D-4C1F-B2A8-063B808C1C9E>