spf-discuss

Re: forged email DSN

2005-02-26 15:29:31
On Sat, 26 Feb 2005, Brian W. Antoine wrote:

  I believe you're underestimating what the response to getting a flood
of DSNs from your server will be, even if most of them get rejected, but
that's your call to make.

Starting to send a DSN to see if it would succeed (CBV) is a very common
email authentication technique.  Verizon is a large ISP that uses it.
It has the merit of simplicity and compatibility with existing standards.
The downside is that TCP connections are expensive, and if CBV were widely
used, a joe job would turn into a DoS attack.  I only do CBV when other
methods (e.g. SPF, valid HELO name, local whitelist, etc) fail.

The only addition to a standard CBV I am making is actually sending a DSN
to alert/pester the unprotected/mismanaged domain about their problem.

I will keep an eye on who is getting the DSNs.  Hmmm, since the last
update, they've gone to:

martinaperry(_at_)optimus(_dot_)pl
synj21ybl(_at_)quiknet(_dot_)com
sales(_at_)unwined(_dot_)biz
info(_at_)cbpchile(_dot_)cl
mstrong_31(_at_)iie(_dot_)his(_dot_)se
Rzgn(_dot_)Penn(_at_)charter(_dot_)net
bill(_dot_)wallace(_at_)comcast(_dot_)net

I can see that users on charter.net and comcast.net are not going 
to benefit - I should add those domains to my "reject on neutral" 
list.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
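
The ordering described in the message above (cheap checks first, a callback only when they fail, and a "reject on neutral" list that avoids probing at all), shown as an added Python example that is not part of the original message and is not the poster's code. It covers plain CBV only (no DSN is actually sent); `check_sender`, `callback_verify`, `FakeMX`, the per-address cache, rejecting on SPF `fail`, and the example.org/example.com names are assumptions made for illustration.

```python
import smtplib

def callback_verify(sender, mx_host, helo_name, smtp_factory=smtplib.SMTP):
    """Begin a DSN (null return path) to `sender`, stop before DATA; True if RCPT is accepted."""
    try:
        conn = smtp_factory(mx_host, 25, timeout=30)
    except OSError:                       # smtplib.SMTPException subclasses OSError
        return False                      # assumption: unreachable MX counts as a failed check
    try:
        conn.helo(helo_name)
        if conn.mail("")[0] != 250:       # MAIL FROM:<>, the return path a DSN uses
            return False
        return 200 <= conn.rcpt(sender)[0] < 300
    except OSError:
        return False
    finally:
        try:
            conn.quit()                   # plain CBV: hang up without sending a message
        except OSError:
            pass

def check_sender(sender, spf, helo_valid, whitelist, reject_on_neutral, probe, cache):
    """Return 'accept' or 'reject'; `probe` runs only when the cheaper checks fail."""
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in whitelist or spf == "pass" or helo_valid:
        return "accept"
    if spf == "fail" or (spf == "neutral" and domain in reject_on_neutral):
        return "reject"                   # decided without opening a TCP connection
    if sender not in cache:               # one probe per address limits callback load
        cache[sender] = probe(sender)
    return "accept" if cache[sender] else "reject"

class FakeMX:
    """Constructed stand-in for the sender domain's MX, so the example runs offline."""
    known = {"alice@example.org"}
    connections = 0
    def __init__(self, host, port, timeout=None):
        FakeMX.connections += 1
    def helo(self, name): return (250, b"ok")
    def mail(self, sender): return (250, b"ok")
    def rcpt(self, addr): return (250, b"ok") if addr in self.known else (550, b"no such user")
    def quit(self): return (221, b"bye")

def demo():
    """Run four constructed senders through the policy and return the verdicts."""
    cache = {}
    probe = lambda s: callback_verify(s, "mx.example.org", "mail.example.net", FakeMX)
    cases = [("alice@example.org", "none"), ("forged@example.org", "none"),
             ("forged@example.org", "none"), ("x@example.com", "neutral")]
    return [check_sender(s, spf, False, set(), {"example.com"}, probe, cache) for s, spf in cases]
```

Calling `demo()` opens only two connections for the four senders: the repeated forged address is answered from the cache, and the domain on the reject-on-neutral list is never probed.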

