Dnia 5.09.2022 o godz. 22:39:01 Atro Tossavainen via mailop pisze:
>
> So do all the ESPs. But their customers send mail, and the recipients
> are able to act upon it, informing the ESP of problem clients and
> sometimes even getting traction.
>
> In the case of email verifiers, there is no message, and there is no
> email recipient to do the same.
>
> The only people who have any visibility to the efforts of woodpeckers
> who abuse SMTP (EXPN and VRFY were disabled and even removed from mail
> software for a reason) are grumpy mail server admins who have much less
> time than your average spam recipient for this kind of behaviour.
>
> "Email verification" abusing RCPT TO produces zero benefits in exchange
> for nonzero resource use for the target system owners.
Regarding the above, I have the following question:
What do you (and maybe other people on the list) think about such email
verification method ("abusing RCPT TO") used as part of:
a) mail receiving process - I'm thinking here for example about the Postfix
feature "reject_unverified_recipient" that checks sender's email using this
method before accepting (or rejecting, if sender's email doesn't verify) the
message (see http://www.postfix.org/ADDRESS_VERIFICATION_README.html ). Some
other MTAs have similar features too, there are also milters that do this.
b) website registration process - some time ago I was maintaining some
website where people often mistyped their email addresses. Due to the nature
of the website the typical "click on confirmation link that arrives via
email" approach could not be used (the form was a part of an official
procedure, users had to fill in a lot of personal data, with email being
only one of many fields, also a lot of people filled the form on dedicated
machines available in the office that was running the website, where they
didn't have access to their email - actually, they didn't have access to
anything except the registration form). So I included the code that did the
email verification ("abusing RCPT TO") upon form submission, and in case of
a verification failure, asked the user to correct the address.
Do you think using this method of email verification in such cases is OK or
not?
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
