Nikolay Shopik wrote:
On 8/26/2007 12:08 AM, John Rudd wrote:
mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble then having
just one
Unfortunately, backup MXes attract spammers :-(. You could at least
add some more backup MXs (that don't exist) on top of that, that may
help to reduce the influx on the real one.
Using bogus MX records is a very bad idea. Google for bogusmx and for
check_sender_mx_access.
So, how exactly does "using bogus MX records" differ from "nolisting"?
Because, the latter does seem to generally be thought of as a rather
good anti-spam technique (it only catches spammers and a few very odd
non-RFC compliant MTAs that don't check all MX records). If you have
a one or more valid MX records, and one or more non-responsive MX
records, then only non-RFC complaint MTAs will have a problem with
that. We shouldn't care about the cases which break non-RFC compliant
MTAs, as they're only used by morons.
Further, how does check_sender_mx_access differ from Sender Address
Verification (SAV)? (where SAV is an INCREDIBLY bad idea, and a blight
upon the internet)
(meaning: if check_sender_mx_access is just the postfix name for SAV,
then we not only shouldn't avoid techniques that break
check_sender_mx_access, we should all openly adopt techniques that
break check_sender_mx_access as a means to further remove the SAV
blight from the internet)
Why you so against SAV? I don't see big problem with that, just because
it's not in RFC doesn't mean it shouldn't be there. SMTP need some kind
verification of senders for decades already.
It's abusive, because it is essentially the same as sending email
bounces, in that it has a huge impact upon innocent bystanders whose
addresses are being forged. A huge spam flood could bring an innocent
site to its knees by having to answer all of those SAV requests.
It is also similar to TDMA type verifications, only you're asking the
remote MTA for verification, instead of the remote sender.
It's rude, because the SAV using site is using someone else's CPU power
in determining their anti-spam actions. It's also stupid for the same
reason (letting someone else decide what mail you will or wont accept).
Here's some other thoughts:
http://taint.org/2007/03/16/134743a.html
http://spam-vs-freedom.blogspot.com/2007/06/sender-address-verification-we-told-you.html
