ietf-asrg

Re: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-23 10:27:53
In <200305190208(_dot_)h4J28JNw009481(_at_)calcite(_dot_)rhyolite(_dot_)com> 
Vernon Schryver <vjs(_at_)calcite(_dot_)rhyolite(_dot_)com> writes:

] From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>

] ...
] Understood.  One reason I chose a recent sample was to try and avoid 
] missing accounts due to shutdown.  Those tests were run within 24 hours 
] of the time I received the email.  Of course, we have no way of 
] knowing when the spammer set up their software, or how long they've 
] been using that particular account.

Some people use (or talk about using) a Rcpt_To test on sender
addresses to detect spam.  Their false positive and negative ratios
would be interesting.

I run exim with "sender_verify_hosts_callback" enabled.  This causes
exim to connect back to the sending domain and use a "MAIL FROM:<>",
"RCPT TO:<envelope_from@sending.domain>" pair of commands to make
sure a potential bounce would be accepted.

It rejects quite a bit of email, but probably 60-80% of the spam
passes the test.

From what I can tell, the false positives are very low.  While systems
may not reject an invalid email address immediately, they shouldn't
ever reject valid email addresses.  The biggest problem I've had has
been with some yahoo groups mailing lists where Yahoo's "bounce MTA"s
were refusing connections.  In this situation, exim would give a
temporary failure, and Yahoo would try again, but only a few times.  I
ended up adding a special case exception for them.


-wayne

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
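
The callback check described in the message above, as an added example that is not part of the original post and is not exim's code. The exemption list, the function names and the policy of deferring on any connection-stage failure are assumptions of this sketch; MX lookup is left to the caller.

```python
import smtplib

# Constructed exemption list (assumption): sender domains whose bounce hosts
# are known to refuse callback connections, so they skip the check.
EXEMPT_DOMAINS = {"lists.example.net"}

def exempt(sender):
    """The null sender (an incoming bounce) and exempted domains skip the check."""
    return sender == "" or sender.rpartition("@")[2].lower() in EXEMPT_DOMAINS

def classify(sender, steps):
    """Map callback results to "accept", "reject" or "defer".

    steps is a list of (stage, code): stage is "connect", "MAIL", "RCPT" or
    "dropped"; code is the SMTP reply code, or None if the connection failed.
    """
    if exempt(sender):
        return "accept"
    for stage, code in steps:
        # No answer, a 4xx, or a bad greeting proves nothing either way:
        # answer the original sender with a temporary failure so it retries.
        if code is None or 400 <= code < 500 or (stage == "connect" and code != 220):
            return "defer"
        if code >= 500:
            return "reject"   # MAIL FROM:<> or RCPT refused: a bounce would fail
    # Only a completed RCPT shows that a bounce would be accepted.
    return "accept" if steps and steps[-1][0] == "RCPT" else "defer"

def callout(sender, mx_host, timeout=30):
    """Run MAIL FROM:<> / RCPT TO:<sender> against mx_host and classify it."""
    if exempt(sender):
        return "accept"
    steps, smtp = [], smtplib.SMTP(timeout=timeout)   # no host: not connected yet
    try:
        steps.append(("connect", smtp.connect(mx_host, 25)[0]))
        if steps[-1][1] == 220:
            smtp.helo()
            steps.append(("MAIL", smtp.mail("")[0]))   # sends MAIL FROM:<>
            if steps[-1][1] < 400:
                steps.append(("RCPT", smtp.rcpt(sender)[0]))
    except OSError:            # refused, timed out, or dropped mid-dialogue
        steps.append(("dropped", None))
    finally:
        smtp.close()           # no DATA is ever sent; just drop the connection
    return classify(sender, steps)
```

classify() can be exercised offline with constructed reply codes; callout() needs network access to the sender's mail exchanger.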