Re: [exim] A cry for help - are there any plusnet admins out there ?

Fri, 25 Mar 2011 10:27:22 -0700 


On 3/25/2011 9:59 AM, Mark Goodge wrote:

On 25/03/2011 16:49, Marc Perkel wrote:


SAV is similar in that it is useful to determine if the sender is coming
from a bogus email address. I do respect the argument that it creates
some traffic. But SPF calls also create some traffic as well so if

you're on the Internet you'll be putting out data to people doing 
inquires.


There is also an upside to my SAV calls because once I determine an IP
needs to be blacklisted then I no longer make the SAV call and those who
use my blacklist stop making SAV calls as well causing a reduction in
traffic.

So - SAV is a lightweight call and I use it and it works.

For what it's worth - the best way not to have your domain spoofed is to
support SAV calls and not have a wildcard account. Spammers tend to
spoof domains where the validity of the sender can not be determined.



There are two main issues with SAV. Firstly, the majority of spam 
comes from forged, rather than non-existent, addresses, and hence 
verifying those addresses with SAV is not only useless as an anti-spam 
method but is also a form of backscatter. And, secondly, large volumes 
of verification probes are indistinguishable from a dictionary attack 
and hence are likely to get your server blacklisted.


Mark



I should perhaps run some tests to see what percentage of callouts that 
I do result in good/bad verification. According to my logs I caught 6735 
invalid sender in the last 4 days. Not sure how many valid senders I 
called in the process. I'll have to set up some kind of test to 
determine that. I suppose that was 6735 spams that weren't delivered 
because of SAV.



Keep in mind that Exim has caching so the number of real callouts is 
greatly reduced. Also -, al least on my system, after a number of bad 
senders the IP is blacklisted resulting in callouts not being made.



Also on my system 99%+ of email passes or is rejected without SAV 
callouts so my situation may not be typical.



--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/























					Reply via email to