On Wed, Mar 10, 2004 at 07:27:15PM -0600, wayne wrote:
In <20040311021617(_dot_)A2461(_at_)slot(_dot_)hollandcasino(_dot_)net> Alex
van den Bogaerdt <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net> writes:
Are you by any chance doing dynamic RCPT validation _without_ making sure
the RHS is valid?
It is my understanding that Hector will check to make sure that the
RHS of the RCPT TO address is a customer that his system is willing to
forward to.
Quote from the previous message:
In step 5a, you can have a SPF compliant spammer who uses a bad address but
compliant domain so that it SPF-passes the test. But since you did not
perform dynamic RCPT validation, your system is now overloaded with bounces
that will expire and never make it.
In other words, he's testing the sender (spammer, invalid(_at_)SPF_allowed_RHS)
IMHO you need SPF... Once you've validated the RHS, you can do call backs.
That is certianly much more valid if you are doing MAIL FROM call backs.
I think he did mean that.
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags