From owner-freebsd-questions@FreeBSD.ORG Sun Mar 11 19:46:52 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6CADC16A404 for ; Sun, 11 Mar 2007 19:46:52 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.freebsd.org (Postfix) with ESMTP id 9B15E13C448 for ; Sun, 11 Mar 2007 19:46:51 +0000 (UTC) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 773BF1A4D9A; Sun, 11 Mar 2007 12:46:51 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 9A2EF51375; Sun, 11 Mar 2007 15:46:50 -0400 (EDT) Date: Sun, 11 Mar 2007 15:46:50 -0400 From: Kris Kennaway To: "Chad Leigh -- Shire.Net LLC" Message-ID: <20070311194650.GA92854@xor.obsecurity.org> References: <20070311123142.A326032CD9@radish.jmason.org> <2B018128-F951-41DF-8EFD-123119E9987C@shire.net> <20070311193608.GA92584@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.2i Cc: Justin Mason , User Questions , Kris Kennaway Subject: Re: Tool for validating sender address as spam-fighting technique? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Mar 2007 19:46:52 -0000 On Sun, Mar 11, 2007 at 01:43:22PM -0600, Chad Leigh -- Shire.Net LLC wrote: > > On Mar 11, 2007, at 1:36 PM, Kris Kennaway wrote: > > >On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net > >LLC wrote: > >> > >>On Mar 11, 2007, at 6:31 AM, Justin Mason wrote: > >> > >>> > >>>for what it's worth, I would suggest *not* adopting this > >>>as an anti-spam technique. > >>> > >>>Sender-address verification is _bad_ as an anti-spam technique, > >>>in my > >>>opinion. Basically, there's one obvious response for spammers > >>>looking to > >>>evade it -- use "real" sender addresses. Where's an easy place to > >>>find > >>>real addresses? On the list of target addresses they're spamming! > >> > >>This is a red-herring. They already do that. They have been doing > >>that for a long time. And it has nothing to do with sender > >>verification. > >> > >>Sender verification works and works well. > > > >I hate sender verification because it forces me (the sender) to jump > >through hoops just for the privilege of sending email to you. > > No, it forces you to set up a correct RFC abiding system > > >I send > >a lot of "courtesy" emails to e.g. port maintainers who have problems > >with their ports, and when I encounter someone with such a system I > >usually don't bother following up (their port just gets marked broken > >in the usual way, and they can follow up on it on their own if they > >want to). > > If your system is following the RFCs then you should have no > problems. YOU should fix your broken system. Sending emails without > a valid from address is disconsiderate. Why should I accept a mail > from an account that violates the RFCs about accepting DSN back? Perhaps we are talking about different things, I am talking about systems which send me an email back requiring me to do steps a, b or c in order to complete delivery of the email. kris