nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: verizon.net and other email grief

From: abuse () cabal org uk (Peter Corlett)
Date: Fri, 10 Dec 2004 21:16:19 +0000 (UTC)

Paul G <paul () rusko us> wrote:

[...] they also have what they call 'callout verification', which is
equivalent to what is being discussed, but the documentation makes
the drawbacks painfully clear and suggests that it only be used
against hosts within the same organization.


No, that caveat is given for *recipient callforward verification*
which is dangerous if turned on blindly. I know, I tried it for a very
short while :)


i'm not a fan of exim, but it appears that although they've given
users the rope, they've been diligent enough to label it
appropriately.


Sender callback verification is a different beast and is highly
effective against spam. It does of course not come without its price
of false positives caused by misconfigured senders. Unlike other
mechanisms, it at least doesn't inconvenience senders who haven't
botched their mail system.

The only false positives I see are things like web sites that mail
from a webserver role account which doesn't have a mailbox. Even so,
ecommerce sites are learning to not do this, and ordered goods usually
turn up regardless of whether or not an automatically-generated
confirmation email arrives.

-- 
PGP key ID E85DC776 - finger abuse () mooli org uk for full key
Previous By Date Next
Previous By Thread Next

Current thread: