Chuck Swiger wrote:
On Mar 13, 2007, at 8:37 PM, Chad Leigh -- Shire.Net LLC wrote:
Address verification callbacks take various forms, but the way exim
does it by default is to attempt to start a DSN delivery to the
address and if the RCPT TO is accepted it is affirmative. It is not
usually use VRFY. Most address verification is done by attempting
to start some sort of delivery to the address.
I'm assuming that DSN is Delivery Service Notification
or return receipt.
Most callback systems either try to do a DSN or they try to do a
delivery (SMTP RCPT TO) and then quit before sending a message body via
DATA; they do not depend on the SMTP VRFY command as that is commonly
blocked or configured to return a generic "I don't know whether the
address is valid".
If it is or if it somehow relies on the ability to deliver a message
via smtp to [EMAIL PROTECTED] then I don't see how it prevents spam.
If the mail says it is from [EMAIL PROTECTED] but I cannot send a DSN
to [EMAIL PROTECTED] then the account is most likely bogus sender and
is refused. It works wonders for spam.
DSN has a specific definition -- look in the RFCs as I don't remember
which RFC it is offhand. But you are supposed to always accept a DSN
from <> as part of the RFCs
Supporting bounce messages from <> was part of the original RFC-821/822
specs. The fancier three-digit codes and canonical DSN format was
specified somewhat later, but I believe that the updated SMTP RFCs,
2821/2822 include it.
I just skimmed one of the RFC's to see how this works and it looks like
there's some provision for relaying the answer to the right server. I
think I misunderstood how it worked and made an incorrect assumption.
I assumed that it would not be able to figure out that
[EMAIL PROTECTED] is not a valid address given that the worlds primary
MX did not know the details of my internal addressing structure until I
implemented greylisting last October. It looks like an interesting
technique for validating email. I'll have to figure out if I can add it
to the stack of things that I do for spam prevention.
__o "All I was doing was trying to get home from work."
_`\<,_ -Rosa Parks
Christopher Sean Hilton <chris | at | vindaloo.com>
pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"