On 25/03/2011 16:49, Marc Perkel wrote:
SAV is similar in that it is useful to determine if the sender is coming from a bogus email address. I do respect the argument that it creates some traffic. But SPF calls also create some traffic as well so if you're on the Internet you'll be putting out data to people doing inquires. There is also an upside to my SAV calls because once I determine an IP needs to be blacklisted then I no longer make the SAV call and those who use my blacklist stop making SAV calls as well causing a reduction in traffic. So - SAV is a lightweight call and I use it and it works. For what it's worth - the best way not to have your domain spoofed is to support SAV calls and not have a wildcard account. Spammers tend to spoof domains where the validity of the sender can not be determined.
There are two main issues with SAV. Firstly, the majority of spam comes from forged, rather than non-existent, addresses, and hence verifying those addresses with SAV is not only useless as an anti-spam method but is also a form of backscatter. And, secondly, large volumes of verification probes are indistinguishable from a dictionary attack and hence are likely to get your server blacklisted.
Mark -- http://mark.goodge.co.uk http://www.ratemysupermarket.com -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
