ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] 0. General - For Hector Santos

2003-12-18 22:28:32
from [Kee Hinckley] [Permanent Link] 
At 8:44 PM -0500 12/18/03, Hector Santos wrote:

seems ok now.  I think it might have been a timeout.   As you can see there
was a 10 second delay in the response.   I need to increase this timeout.
That will resolve it.
That will make it less likely. Failures are always possible, and long delays as well. True, spam is more likely to delay longer--legit senders tend to have better DNS servers, but it won't solve the problem. What we've found is that every DNS-related test needs to have three exit paths--succeeded, failed, and didn't finish. And even failed can't always be trusted. (Nor succeeded, if Verisign pops up its ugly head again.)
We use mail verification in certain limited circumstances with our software. It can't be used as a definitive indicator, but it can add some weight to a decision. One thing you will run into. There are a quite a few auto-responders out there (including at least one challenge/response system) that send replies to anyone who sends them a RCPT TO--regardless of whether you send a DATA command. So make sure your MAIL FROM is *not* the recipient of the message you are testing, but is a separate address that can handle spurious replies. 


rwcrmhc13.comcast.net is the client domain provided by your MTA at the
HELO/EHLO state.  It is just logged in wcSAP and will be used in the future
when the SMTP specs are tighten.
That particularly tightening will never happen. At the HELO prompt most mail servers have absolutely no idea what domain is going to be used in the MAIL FROM of the message, and of course there may be multiple MAIL FROM's from multiple domains in a given session. You could ask, and it could happen, that the domain in the HELO actually resolve to the machine doing the sending (although even that can be problematic). But mapping it to a relationship with the MX of the MAIL FROM is a major architectural change. 


Maybe if you shit and get off the pot and WRITE SOME BETTER SOFTWARE with


Feel free to try it and see if you think it's better :-).
--
Kee Hinckley
http://www.messagefire.com/         Next Generation Spam Defense
http://commons.somewhere.com/buzz/  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Asrg] Re: anti-spam measure (was: Undeliverable mail), Claus Assmann
Next by Date:  Re: [Asrg] [1] Why SPAM is worse in SMTP than in other protocols, Alan DeKok
Previous by Thread:  Re: [Asrg] 0. General - For Hector Santos, Yakov Shafranovich
Next by Thread:  Re: [Asrg] 0. General - For Hector Santos, Dr. Jeffrey Race
Indexes:  [Date] [Thread] [Top] [All Lists]