On Oct 17, 2006, at 6:30 PM, Dean Brooks wrote: > On Wed, Oct 18, 2006 at 12:15:36AM +0100, Andrew - Supernews wrote: >>>>>>> "Renaud" == Renaud Allard <[EMAIL PROTECTED]> writes: >> >> Renaud> In a perfect world we would need neither callouts neither >> Renaud> blacklists as people wouldn't send spam in the first >> Renaud> place. But we are not in a perfect world. >> >> Trying to block spam by using other people's resources without >> permission is just as bad as sending spam. > > Just throwing in my opinion here, but I totally agree with Andrew on > this one. Sender verification callouts without first ensuring the > sender is sourcing from an authorized host (via SPF or other means) is > essentially as bad as spamming. Those callouts are using resources > that provide no benefit to the owner of the resources being used.
Yes they do provide benefit. They prevent prevent full-fledged DSNs in some cases. And when you advertise an MX record, ie, make yourself responsible to the world for a specific email address, you are also volunteering to guarantee that the address is a real address. You cannot have your cake and eat it too. > > Anyone who has run a very active mail server will tell you that > callouts can use *enormous* amounts of resources if amplified > appropriately. Denial of service would be very easy with only a few > sites doing callbacks and an agressive forger. The only reason this > doesn't happen more often is very few sites use callouts (thankfully). > > People who use callouts should not complain if they end up getting > blocked. If you use my server resources in a transaction where our > organization or our customers receive no benefit, then you are > commiting essentially the same ethical (if not legal) crime as a > spammer. No, that is not true. You are missing the point that you have volunteered to be responsible for that email address which includes proving it is a valid one to people who need to know. YOU are responsible for what happens with your email address. If you cannot stop spam users from forging it, then you have to provide a means to verify if it is a legit address and do all you reasonable can to protect people from mis-use. That is part of the social compact of the internet. Chad --- Chad Leigh -- Shire.Net LLC Your Web App and Email hosting provider chad at shire.net -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
