David Legg ha scritto:
Stefano Bagnara wrote:
The only thing you can do against this is to use a SPF entry
( www.openspf.org ) and hope the remote mailserver use SPF.
You could implement VERP!
This is not enough, anyway. You will also have to recognize incoming
messages destinated to non VERPed email addresses as delivery
notifications to remove them.
I'm not sure I follow. I was assuming that you only apply the VERP
technique to test incoming messages that are bounce messages. I vaguely
recollect that this is a problem in itself as not every mail agent uses
a standard for this.
Right. Unfortunately a standard for bounces exists, but not every
software is compliant.
Furthermore if people uses multiple SMTP servers to send messages out
then you will loose the bounces to messages they sent via others SMTP
servers not using VERP.
This could be overcome with each SMTP server accessing a shared database
of VERP entries. Realistically though, are there that many James based
server farms out there that would need to do this?
No. As an example when I use my mobile phone I have to use a specific
SMTP server of my mobile operator. I can anyway specify my real email
address and that domain is managed by my JAMES server..
If I used VERP in my james I would not receive bounces to messages sent
by my mobile phone.
Unfortunately in SMTP there is no rule that the outgoing SMTP server
have to be the same of the MX server for the sender domain.
Which is precisely the problem with SPF. In SPF, you must list all
possible SMTP servers for your domain. This gets tricky when you are
using a third party to manage your address lists and they change the IP
address of their SMTP servers without telling you!
With SPF I can tell the world that my mobile operator is a valid sender
instead I cannot ask my mobile operator to use VERP shared with my JAMES
server ;-)
I'm not saying that SPF is better than VERP. None of them will save us
from spam. I just wanted to point out some VERP issue so our reader will
be less surprised later.
I must confess I don't use VERP (or SPF) to manage my spam. I rely
heavily on the Bayesian analysis code. Everything except mail from
authenticated users or from whitelisted addresses gets passed through
the filter and rejected if it doesn't pass. This way even so called
bounced messages get rejected if they don't look right.
Same here.
Stefano
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
