verizon.net and other email grief

• Previous message (by thread): verizon.net and other email grief
• Next message (by thread): verizon.net and other email grief
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Paul G <paul at rusko.us> wrote:
> [...] they also have what they call 'callout verification', which is
> equivalent to what is being discussed, but the documentation makes
> the drawbacks painfully clear and suggests that it only be used
> against hosts within the same organization.

No, that caveat is given for *recipient callforward verification*
which is dangerous if turned on blindly. I know, I tried it for a very
short while :)

> i'm not a fan of exim, but it appears that although they've given
> users the rope, they've been diligent enough to label it
> appropriately.

Sender callback verification is a different beast and is highly
effective against spam. It does of course not come without its price
of false positives caused by misconfigured senders. Unlike other
mechanisms, it at least doesn't inconvenience senders who haven't
botched their mail system.

The only false positives I see are things like web sites that mail
from a webserver role account which doesn't have a mailbox. Even so,
ecommerce sites are learning to not do this, and ordered goods usually
turn up regardless of whether or not an automatically-generated
confirmation email arrives.

-- 
PGP key ID E85DC776 - finger abuse at mooli.org.uk for full key

• Previous message (by thread): verizon.net and other email grief
• Next message (by thread): verizon.net and other email grief
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]