[Top] [All Lists]

Re: [Asrg] 0. General - For Hector Santos

2003-12-18 22:28:32
At 8:44 PM -0500 12/18/03, Hector Santos wrote:
seems ok now.  I think it might have been a timeout.   As you can see there
was a 10 second delay in the response.   I need to increase this timeout.
That will resolve it.

That will make it less likely. Failures are always possible, and long delays as well. True, spam is more likely to delay longer--legit senders tend to have better DNS servers, but it won't solve the problem. What we've found is that every DNS-related test needs to have three exit paths--succeeded, failed, and didn't finish. And even failed can't always be trusted. (Nor succeeded, if Verisign pops up its ugly head again.)

We use mail verification in certain limited circumstances with our software. It can't be used as a definitive indicator, but it can add some weight to a decision. One thing you will run into. There are a quite a few auto-responders out there (including at least one challenge/response system) that send replies to anyone who sends them a RCPT TO--regardless of whether you send a DATA command. So make sure your MAIL FROM is *not* the recipient of the message you are testing, but is a separate address that can handle spurious replies. is the client domain provided by your MTA at the
HELO/EHLO state.  It is just logged in wcSAP and will be used in the future
when the SMTP specs are tighten.

That particularly tightening will never happen. At the HELO prompt most mail servers have absolutely no idea what domain is going to be used in the MAIL FROM of the message, and of course there may be multiple MAIL FROM's from multiple domains in a given session. You could ask, and it could happen, that the domain in the HELO actually resolve to the machine doing the sending (although even that can be problematic). But mapping it to a relationship with the MX of the MAIL FROM is a major architectural change.

Maybe if you shit and get off the pot and WRITE SOME BETTER SOFTWARE with

Feel free to try it and see if you think it's better :-).
Kee Hinckley         Next Generation Spam Defense  Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

Asrg mailing list

<Prev in Thread] Current Thread [Next in Thread>