John Levine:
> >Should I disable SAV for some domains to prevent blacklisting? Which domains?
>
> Yes. All of them.
>
> SAV is widely considered to be abusive, since it is technically
> indistinguishable from spammer address verification. It's also rather
> ineffective since great amounts of spam now uses random sender
> addresses taken from the spam lists. That means the spam has a real
> return address, but not one with any relation to the actual source of
> the mail.
SAV should not be used, except when a server is really, really,
really, small (such as a single-user low-volume "vanity" domain).
Even when many spammers use "real" sender addresses, I find that
the bulk of sender addresses are inoperable for various reasons,
by the time the campaign passes greylisting on a tiny single-user
domain.
The opposite of SAV, recipient address verification, remains a
practical way for gateway servers to discover the down-stream user
population, when up-to-date information is not available.
Wietse
