John L wrote:
I phrased it wrong. You are not responsible for the content, but you are responsible for the mail domain and that includes verifying that mail is validly from your domain you are responsible for.

Oh, OK. So if someone sends pump and dump with a [EMAIL PROTECTED] return address, and I do a callback and your MTA says "yup! that's a 100% valid address!" then I turn you in to the SEC, rignt? You have now confirmed that the mail is from you, after all. Or if you haven't, what purpose did the callback serve?

There is some reasonable validation technology coming along, most notably DKIM which which I presume you are familiar. But callbacks are not it.

I agree..... callbacks are not enough, you can reach a
false conclusion, that´s why I use SPF along with callbacks...

on the same message, my MX concludes:

"you are sending email "from [EMAIL PROTECTED]", but
says YOUR IP address is not allowed to send email on behalf
of that domain, therefore YOU ARE FAKE/FORGED" ..---> reject


MSc. Marcelo Maraboli Rosselott
Jefe Area de Redes y Comunicaciones  (Network & UNIX Systems Engineer)
Ingeniero Civil Electronico, CISSP  (Electronic Engineer, CISSP, MSc.)

Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria         phone: +56 32 2654071
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to