On 2024-04-19 at 07:21:47 UTC-0400 (Fri, 19 Apr 2024 12:21:47 +0100)
Sebastian Arcus via mailop <s.ar...@open-t.co.uk>
is rumored to have said:
On 18/04/2024 14:05, Marco Moock via mailop wrote:
Am 18.04.2024 schrieb Bill Cole via mailop <mailop@mailop.org>:
I can't say that Spamhaus lists IPs that engage in the abusive
practice of remote sender verification but I would be happy to hear
that they are doing so and CSS+XBL listing is a reasonable
expression
of that sort of world-hostile behavior.
If that sender verification includes trying to send an email until
RCPT TO:, this is abusive in many cases and also uceprotect will list
such servers.
I would have to look further into this, but I was under the impression
that Exim uses the VRFY command for callout verification?
If it does that, it is a menace to both ends of the connection. The
problem is that the site asking for verification is exporting its mail
authentication load to both senders (acceptable) and random forged
unrelated 3rd parties, which is not acceptable. The vast majority of
SMTP mail servers have not answered usefully to VRFY in this millennium,
so if you were to ask one of those, your answer may bear no relationship
to reality. Which is fair.
Just to be 100% clear: your first step must be to turn off sender
verification.
Whether that solves your Spamhaus problem, I cannot say. It will help
you avoid a thousand little less-visible reputation problems that you
may be building with every attempt to verify the sender of a forged
spam.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
