Date: Sun, 11 Mar 2007 15:36:09 -0400 From: Kris Kennaway <kris@obsecurity.org> To: "Chad Leigh -- Shire.Net LLC" <chad@shire.net> Cc: Justin Mason <jm@jmason.org>, User Questions <freebsd-questions@freebsd.org> Subject: Re: Tool for validating sender address as spam-fighting technique? Message-ID: <20070311193608.GA92584@xor.obsecurity.org> In-Reply-To: <2B018128-F951-41DF-8EFD-123119E9987C@shire.net> References: <20070311123142.A326032CD9@radish.jmason.org> <2B018128-F951-41DF-8EFD-123119E9987C@shire.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Mar 11, 2007 at 12:41:48PM -0600, Chad Leigh -- Shire.Net LLC wrote: > > On Mar 11, 2007, at 6:31 AM, Justin Mason wrote: > > > > >for what it's worth, I would suggest *not* adopting this > >as an anti-spam technique. > > > >Sender-address verification is _bad_ as an anti-spam technique, in my > >opinion. Basically, there's one obvious response for spammers > >looking to > >evade it -- use "real" sender addresses. Where's an easy place to find > >real addresses? On the list of target addresses they're spamming! > > This is a red-herring. They already do that. They have been doing > that for a long time. And it has nothing to do with sender > verification. > > Sender verification works and works well. I hate sender verification because it forces me (the sender) to jump through hoops just for the privilege of sending email to you. I send a lot of "courtesy" emails to e.g. port maintainers who have problems with their ports, and when I encounter someone with such a system I usually don't bother following up (their port just gets marked broken in the usual way, and they can follow up on it on their own if they want to). Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070311193608.GA92584>