[76453] in North American Network Operators' Group
Re: verizon.net and other email grief
daemon@ATHENA.MIT.EDU (Michael Loftis)
Fri Dec 10 15:54:16 2004
Date: Fri, 10 Dec 2004 13:57:12 -0700
From: Michael Loftis <mloftis@wgops.com>
To: nanog@merit.edu
In-Reply-To: <11f401c4def8$3c34b780$0200a8c0@rusko>
X-MailScanner-From: mloftis@wgops.com
Errors-To: owner-nanog-outgoing@merit.edu
--On Friday, December 10, 2004 15:38 -0500 Paul G <paul@rusko.us> wrote:
> ----- Original Message -----
> From: "Paul Trebilco" <ptreb@server101.com>
> To: <nanog@merit.edu>
> Sent: Friday, December 10, 2004 3:30 PM
> Subject: Re: verizon.net and other email grief
>
>> How so? Are you maybe confusing reject with bounce? If address
>> verification takes place while the SMTP connection is still up, no
>> forged adresses get messaged, at least not by the server doing the
>> rejecting.
>
> oh, so you would be ok with someone joe-jobbing you on their 1 million
> messages/day spam run and getting 1 million 'verification' connections to
> your mailserver farm?
Far less traffic than the bounces would create at both ends. Yes this
doesn't prevent it from happening if the address is real, but that's why I
mentioned SPF in my previous email......That helps to verify the sender can
send email for a given domain, and if that passes, then you want to see if
the sender exists, if both pass then you can go on to other methods. OF
course I'd first check blacklists before any of this, but that's my
personal preference.
