From: Derek J. Balling
Date: 2007-02-07 08:51:09 -0500
Subject: Re: Per user settings
More information..: http://www.milter.info/#Support
> Defending callbacks: Lets look at the numbers here. A call back
> is going to generate about 500 bytes of traffic. It is done during
> the envelope phase. So, if it succeeds, the address is a little
> more verified. If it fails, the incoming message is rejected, with
> a DSN not going to the place we just called back to unless the
> sending IP is forwarding, and the 1K-20M payload of the message
> was never transfered. It is a win all around.
*TODAY* it is, because (again, thankfully) there aren't that many
misguided sysadmins implementing it.
*TOMORROW*, if it should ever become prevalent, those spammers are going
to start using real addresses. And then all your verifications will
happily succeed, eliminating its usefulness as a check, but causing
great pains to the owners of the addresses used in the envelope senders.
> So you will take mail from both email@example.com and
> firstname.lastname@example.org? Ouch.
Yes, I will, because I recognize that the long-term ramifications of
what you're describing are a *worse* place to be than where we are now,
not a better one.
> Credentials: I am the sysadmin for an ISP, and I wrote my own callbacks
> about 6 months before Anthony wrote his.
Credentials: I used to work for a large webmail provider who you
mentioned doesn't presently use SPF records, so I tend to think about
"how things scale" to a much larger extent than most subscribers to this
list may be used to dealing with.
Copyright 2009, 2012 by SnertSoft. All rights reserved.