On Wed, Aug 30, 2006 at 01:37:37PM -0400, Michel Vaillancourt wrote:
> > The short answer is that there's no way to do that in general, regardless
> > of SA, so no.
>
> There is a way to do it, but someone more skilled at PERL than I would
> have to carve it... you actually open an SMTP conversation with
> "REMOTE_DOMAIN.com" a la:
>
> RCPT TO: [EMAIL PROTECTED]
> 554 <[EMAIL PROTECTED]>: Relay access denied
>
> ... trap that "5xx" return, and you know it's a bogus sender. The
> plug-in adds 2 points to the score.
> Get a "250 Ok" back, and you are likely "safe"... score 0.

That *may* tell you whether or not a sender is valid -- what if the server is just blocking you? What if there's a misconfiguration for a minute? What if RCPT TO works but it turns out the server would have denied you after DATA instead? What if the server is a relay which accepts all mails for a domain regardless of whether or not the downstream server will accept it? What if the email address is not a user and only receives mails (i.e., spamtraps, etc.)?

There is no way to solve this definitively based on current protocols/etc. You can try to make assumptions with things like VRFY (most people just disable that), RCPT TO, etc., but it doesn't necessarily mean anything wrt spam.

For instance, if I was going to spam people and a "sender verification" system was in use widely, I'd just start using random addresses from my list to send to other people -- if I paid attention to those that are accepted at RCPT TO, versus those that don't, then I bypass your system trivially.

-- 
Randomly Generated Tagline:
"Klingon function calls do not have 'parameters' - they have 'arguments' - and they ALWAYS WIN THEM."
 - Klingon Programmer's Manual
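The ambiguities listed in the reply above, shown as an added example (not code from the original message or from SpamAssassin): a classifier for recorded RCPT TO callout replies that returns "unknown" unless the server explicitly reports a nonexistent mailbox. The function names, the sample replies and the strict 550/5.1.1 rule are assumptions of this sketch; the 2-point score is the value from the quoted proposal.

```python
import re

# SMTP reply line: 3-digit code, optional RFC 3463 enhanced status code, text.
REPLY = re.compile(r"^(\d{3})[ -](?:(\d\.\d{1,3}\.\d{1,3})\s)?(.*)$")

def parse_reply(line):
    m = REPLY.match(line.strip())
    if not m:
        raise ValueError(f"not an SMTP reply: {line!r}")
    return int(m.group(1)), m.group(2), m.group(3)

def callout_verdict(rcpt_reply, probe_reply=None):
    """Classify the reply a callout received for RCPT TO:<sender address>.

    probe_reply is the reply the same server gave for a random local part
    that cannot exist (catch-all check), if one was recorded.
    Returns (verdict, reason); verdict is 'accept', 'reject' or 'unknown'.
    """
    code, enhanced, _ = parse_reply(rcpt_reply)
    if 400 <= code < 500:
        return "unknown", "temporary failure: greylisting, outage or rate limit"
    if 500 <= code < 600:
        # Assumption: only 550 with enhanced status 5.1.1 (bad destination
        # mailbox) is treated as a statement about the address itself.
        if code == 550 and enhanced == "5.1.1":
            return "reject", "server states the mailbox does not exist"
        return "unknown", "5xx may be policy, relay denial or a block on the prober"
    if 200 <= code < 300:
        if probe_reply is not None and 200 <= parse_reply(probe_reply)[0] < 300:
            return "unknown", "server accepts any recipient (relay or catch-all)"
        return "accept", "accepted at RCPT TO only; says nothing about DATA or forgery"
    return "unknown", "unexpected reply class"

def callout_score(verdict):
    # 2 points as in the quoted proposal, but only for an explicit reject.
    return 2.0 if verdict == "reject" else 0.0

# Constructed sample replies; example.org is a placeholder domain.
SAMPLES = [
    ("554 <user@example.org>: Relay access denied", None),
    ("450 4.7.1 Greylisted, try again later", None),
    ("550 5.1.1 <user@example.org>: User unknown", None),
    ("250 2.1.5 Ok", "250 2.1.5 Ok"),
    ("250 2.1.5 Ok", "550 5.1.1 <zz9x@example.org>: User unknown"),
]

if __name__ == "__main__":
    for rcpt, probe in SAMPLES:
        verdict, reason = callout_verdict(rcpt, probe)
        print(f"{rcpt!r}: {verdict} ({reason}), score {callout_score(verdict)}")
```

Even the "accept" verdict only means the address exists at RCPT TO time, which is exactly what a forger using real addresses would also produce.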