Date: Sun, 11 Mar 2007 15:46:50 -0400 From: Kris Kennaway <kris@obsecurity.org> To: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> Cc: Justin Mason <jm@jmason.org>, User Questions <freebsd-questions@freebsd.org>, Kris Kennaway <kris@obsecurity.org> Subject: Re: Tool for validating sender address as spam-fighting technique? Message-ID: <20070311194650.GA92854@xor.obsecurity.org> In-Reply-To: <C097EA14-200D-4C1F-B2A8-063B808C1C9E@shire.net> References: <20070311123142.A326032CD9@radish.jmason.org> <2B018128-F951-41DF-8EFD-123119E9987C@shire.net> <20070311193608.GA92584@xor.obsecurity.org> <C097EA14-200D-4C1F-B2A8-063B808C1C9E@shire.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Mar 11, 2007 at 01:43:22PM -0600, Chad Leigh -- Shire.Net LLC wrote: > > On Mar 11, 2007, at 1:36 PM, Kris Kennaway wrote: > > >On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net > >LLC wrote: > >> > >>On Mar 11, 2007, at 6:31 AM, Justin Mason wrote: > >> > >>> > >>>for what it's worth, I would suggest *not* adopting this > >>>as an anti-spam technique. > >>> > >>>Sender-address verification is _bad_ as an anti-spam technique, > >>>in my > >>>opinion. Basically, there's one obvious response for spammers > >>>looking to > >>>evade it -- use "real" sender addresses. Where's an easy place to > >>>find > >>>real addresses? On the list of target addresses they're spamming! > >> > >>This is a red-herring. They already do that. They have been doing > >>that for a long time. And it has nothing to do with sender > >>verification. > >> > >>Sender verification works and works well. > > > >I hate sender verification because it forces me (the sender) to jump > >through hoops just for the privilege of sending email to you. > > No, it forces you to set up a correct RFC abiding system > > >I send > >a lot of "courtesy" emails to e.g. port maintainers who have problems > >with their ports, and when I encounter someone with such a system I > >usually don't bother following up (their port just gets marked broken > >in the usual way, and they can follow up on it on their own if they > >want to). > > If your system is following the RFCs then you should have no > problems. YOU should fix your broken system. Sending emails without > a valid from address is disconsiderate. Why should I accept a mail > from an account that violates the RFCs about accepting DSN back? Perhaps we are talking about different things, I am talking about systems which send me an email back requiring me to do steps a, b or c in order to complete delivery of the email. kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070311194650.GA92854>