Re: [tlug] state of the art filtering

[Tobias Diedrich <ranma@example.com>]

Attila Kinali wrote:
> On Tue, 16 Mar 2010 19:48:29 +0900
> Curt Sampson <cjs@example.com> wrote:
> > But how do you define an "invalid" envelope-from? As we've seen in
> > other things that have come up on the list, validity changes from
> > place to place and time to time. And while there are various checks
> > you can try to do, none of these guarantee that the address can
> > actually be delivered. 
> 
> I do a reverse delivery check. Ie the MTA tries whether the envelope-from
> can be reached _and_ accepts mails. The result of this test is cached
> in a local database. 

I did that in the past, but the following points convinced me to
stop and use greylisting instead:

If a server receives a lot of spam may do a lot of callbacks. If
those addresses are invalid or spamtrap, the server will look very
similar to a spammer who is doing a dictionary attack to harvest
addresses. This in turn might get the server blacklisted
elsewhere.

Every callback places an unasked for burden on the system being
called back to, with very few effective ways for that system to
avoid the burden. In extreme cases, if a spammer abuses the same
sender address and uses it at a sufficiently diverse set of
receiving MXs, all of which use this method, they might all try
the callback, overloading the MX for the forged address with
requests (effectively a Distributed Denial of Service attack).

-- 
Tobias						PGP: http://8ef7ddba.uguu.de