Craig Whitmore wrote: >>Many folks treat a sender-verify callout as a probe. >>Many more don't respond in a useful or timely way. >> >>We *have* given it up. > > > I've started to use callouts and I personally find they work quite well > except for people who insist on sending out emails from invalid address so > I've had to whitelist a few things like noreply@ etc. Also there are broken > SMTP Servers which don't accept bounces (so I report them to rfc-ignorant). > Most of the time I can contact the owners of the mail servers and get them > to fix their broken mail servers. > > Thanks > >
At least at one time (I am NOT current) AOL, IIRC was 'claiming to' treat the connect-query-abort-without-traffic callout sequence as a probe and blacklisting the source. Dunno if they actually *did* do so, but we don't need to find out, so .. OTOH, any 'fixed base' spammer with 'proper' DNS entries, or a DynDNS resolver service, can easily configure so as to 'verify' any address queried, hosted or not. The majority of bogus 'senders' seem to come off of bogus servers, that do NOT have these credentials, so forward/reverse lookup, HELO mismatch, and dynamic-IP RBL hits - which are at least cached/cachable - are already a pretty good indicator. All manner of hits here are posted to .csv files and/or PgSQL DB table from which we generate our own 'recently rude' local BL - not of the whole world, but of the ones that have targeted *our* servers. YMMV, Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
