We have been doing sender address verification for years. Looking through the code...
We use custom MIMEDefang code around DNS::Resolver and md_check_against_smtp_server(). We wrap the md check in a block and use alarm() to timeout, as MD's timeout doesn't always work (e.g. if the server is intentionally or unintentionally tarpitting where TCP responds quickly but SMTP is slow). We do our callback from the NULL sender address. We do not perform the check if the sender to us is the NULL sender. If we get a TEMPFAIL result, but the message matches /gr[ae]ylist/i, we treat the address as valid. We exempt *.bounces.google.com because they fail verification and we don't want the score increase from it. We special-case *@charter.net, as they (at least at one time) reject the NULL sender completely! We accept MXes that point to CNAMEs, even though that is an RFC violation. We cache invalid results for 1 hour and valid results for 7 days. We add 1.5 points for a tempfail and 3 points for a reject. None of these values were exhaustively optimized. -- Richard _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang