Brian Grossman <[EMAIL PROTECTED]> wrote:It might be simpler to make an SMTP connection to the MX RR of the=20 sender's domain, and maibe even do a MAIL FROM: <>, RCPT TO:=20 $senderAddress to do a simple address check.
There was a major argument about this on the spamtools list last week.
The argument can be found here:
http://xrl.us/9zd
Very interesting to read, thanks for posting it. After reading it, I realise that RCPT-TO sender checking would not be a good idea because:
1) It would effectively double the number of SMTP connections, and increase the load of the innocent victim (the joe-jobbed) or legitimate sender, rather than the bad guy.
2) When wide spread, spammers would start sending email pretending to be from real email addresses, which would be much much worse than a non existant address.
Something like SMTP+SPF would be much more lightweight and effective. Until SPF is widely implemented, checking the existance of the domain and doing a simple verification of the IP would be okay.
Happy Holidays, GFK's -- Guillaume Filion, ing. jr Logidac Tech., Beaumont, Qu�bec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/
