Chuck Swiger wrote:
> The idea is pretty simple: when someone sends you an email, you delay
> accepting it until you can confirm that you can send a reply back to
> the sending address, or more precisely, check whether you can do a
> MAIL FROM: your domain and RCPT TO: the sender, and have it return OK,
> without actually going into the DATA phase and delivering a test message.
>
> This idea works fine for normal email addresses, but fails miserably
> with certain types of automated email which is not intended for people
> to reply to, and it also tends to lose out with TMDA
> (http://tmda.net/). More importantly, it also fails to work with
> itself-- other people using "sender verification callouts" cause a
> loop of failed deliveries, as neither side trusts the other.

The larger problem as well is that it doesn't scale. Someone forging a
From header out of a botnet could easily DDoS a smaller server
completely off the net if enough people implemented this system.
Antispam measures that are in and of themselves abusive aren't generally
considered to be good ideas.
Jay Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: SCSI Chain overterminated
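
The two failure modes discussed in this thread (the callout loop between two servers that both verify senders, and the probe traffic a forged sender address attracts) can be reproduced in a small offline model. This is an added example, not code from either poster: the domain names, MAX_DEPTH and the use of postmaster@ as the probe's envelope sender are assumptions made for illustration.

```python
# Toy model (constructed; no network I/O) of SMTP sender-verification callouts.
from dataclasses import dataclass

MAX_DEPTH = 5  # assumed cutoff standing in for an SMTP timeout


@dataclass
class Domain:
    name: str
    does_callouts: bool
    users: frozenset
    probes_received: int = 0  # callout connections opened to this server


def rcpt_ok(net, mail_from, rcpt_to, depth=0):
    """Would rcpt_to's server answer OK to MAIL FROM / RCPT TO (no DATA)?"""
    if depth > MAX_DEPTH:
        return False  # nested callouts never settled: model it as a timeout
    local, _, dom = rcpt_to.partition("@")
    server = net[dom]
    if local not in server.users:
        return False
    if not server.does_callouts:
        return True
    # Before answering, this server probes the claimed sender's server,
    # using postmaster@<own domain> as envelope sender (an assumption).
    sender_server = net[mail_from.partition("@")[2]]
    sender_server.probes_received += 1
    return rcpt_ok(net, "postmaster@" + dom, mail_from, depth + 1)


def make_net(a_callouts, b_callouts):
    users = frozenset({"postmaster", "alice", "bob"})
    flags = {"a.example": a_callouts, "b.example": b_callouts}
    return {name: Domain(name, on, users) for name, on in flags.items()}


def forged_sender_probes(n_receivers, forged_from="alice@a.example"):
    """Probes hitting the forged domain when n callout servers get one mail each."""
    net = make_net(False, False)
    for i in range(n_receivers):
        net[f"r{i}.example"] = Domain(f"r{i}.example", True, frozenset({"bob"}))
        rcpt_ok(net, forged_from, f"bob@r{i}.example")
    return net["a.example"].probes_received


if __name__ == "__main__":
    print(rcpt_ok(make_net(False, True), "alice@a.example", "bob@b.example"))
    print(rcpt_ok(make_net(True, True), "alice@a.example", "bob@b.example"))
    print(forged_sender_probes(1000))
```

With only the receiving side verifying, the message is accepted; with both sides verifying, each probe triggers a counter-probe until the cutoff and the message is refused, and every message carrying a forged sender costs the forged domain one inbound connection it never asked for.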