spf-discuss

Re: Latest proposal re HELO checking: make HELO tests optional

2004-03-10 18:16:17
On Tue, Mar 09, 2004 at 10:06:37PM -0500, Hector Santos wrote:

In my technical opinion, the best way to operate is to perform dynamic RCPT
validation at the SMTP level so that you can avoid bounces in the first
place.

In step 5a, you can have a SPF compliant spammer who uses a bad address but
compliant domain so that it SPF-passes the test. But since you did not
perform dynamic RCPT validation, your system is now overloaded with bounces
that will expire and never make it.

Are you by any chance doing dynamic RCPT validation _without_ making sure
the RHS is valid?

Spammer connects to your server, claiming to be $random@$mydomain
You connect to -my-server- so _I_ have to waste my resources?

IMHO you need SPF...  Once you've validated the RHS, you can do call backs.

Alex
-- 
begin  sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags
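
The ordering argued for in the reply above (validate the RHS with SPF first, call back only afterwards), as an added example that is not part of the original message. The record table, domains, addresses and function names are constructed assumptions; only the `ip4` and `all` mechanisms are evaluated and no DNS lookup is made.

```python
import ipaddress

# Constructed sample SPF TXT records (documentation domains and address ranges).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(client_ip, domain, records=SPF_RECORDS):
    """Simplified SPF check: evaluates ip4 and all, skips other mechanisms."""
    terms = records.get(domain.lower(), "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"  # domain publishes no SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def should_call_back(client_ip, mail_from):
    """Permit a sender callout only when SPF passes for the RHS of MAIL FROM.

    A forged sender then never makes this server connect to the mail
    server of the domain whose name was borrowed.
    """
    _local, sep, domain = mail_from.rpartition("@")
    if not sep or not domain:
        return False  # null or malformed sender: nothing to call back
    return spf_result(client_ip, domain) == "pass"
```
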

