On 06/07/07, Toralf Lund <[EMAIL PROTECTED]> wrote:
>
> > Do you realise that callouts are considered abusive in anti-spam circles and
> > are often used in certain forms of ddos attacks? Some major mail servers
> > even BLOCK based on the number of callouts they receive from a given IP.
> > Something like 80% of emails are spam, so 80% of your callouts are being
> > directed at totally innocent machines. Challenge response methods should be
> > considered in the same way.
> >
> I tend to consider them as a way of reducing spam, and everything that
> does is for the Greater Good, IMO. Also, I'm quite happy to receive this
> kind of request at our server, so I'll happily use them myself -
> according to some principle we read in some holy book or the other at
> school...

You'll need to be careful about who you send callouts to, then. As
Phil says, the view that 'all callouts are abuse' has some vociferous
supporters. At the very least I suggest the following:

- maintain a list of domains you never call out to
- do as much envelope-checking as you can before triggering a callout
  (DNSBLs, verify=sender, SPF pass, HELO sanity)
- expect to be listed by some aggressive DNSBLs
- don't go near SPAM-L

Personally, I'd rather receive sender verification callouts than
backscatter. But that view doesn't always scale.

Peter

--
Peter Bowyer
Email: [EMAIL PROTECTED]

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
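An Exim ACL fragment showing the ordering suggested in the message above: cheap envelope checks first, the callout last and only for domains not on a never-call list. This is an added example, not part of the original thread. The domain list contents and the DNSBL zone are placeholders, and it assumes the "SPF pass" item means a callout is attempted only once SPF has passed, so the probe goes to a domain that authorises the sending host.

```exim
# Main section: domains that must never receive a callout (placeholder names).
domainlist no_callout_domains = example.net : example.org

begin acl

acl_check_rcpt:

  # HELO sanity: refuse clients that never sent HELO/EHLO.
  deny    message    = HELO/EHLO is required before MAIL
          condition  = ${if !def:sender_helo_name {yes}{no}}

  # DNSBL check costs one DNS lookup and removes much of the traffic
  # that would otherwise trigger probes at forged sender domains.
  deny    message    = $sender_host_address is listed in $dnslist_domain
          dnslists   = dnsbl.example.invalid

  # Plain sender verification: routing/DNS only, no SMTP connection
  # is opened to the sender's mail servers.
  deny    message    = Sender domain cannot be routed
          !verify    = sender

  # Callout as the last step. It is skipped for listed domains and
  # attempted only after an SPF pass (needs Exim built with SPF support).
  # defer_ok treats an unreachable or slow remote host as success, so
  # mail is not lost when the probe cannot be completed.
  deny    message          = Sender address failed callout verification
          !sender_domains  = +no_callout_domains
          spf              = pass
          !verify          = sender/callout=30s,defer_ok

  accept
```

In a real configuration the final `accept` would be replaced by the usual relay and recipient checks; it is here only to close the fragment.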
