Marc Perkel wrote: > > > Matt Kettler wrote: >> Marc Perkel wrote: >> >>> I'm having problems with my spam filtering servers getting listed on >>> UCEPROTECT and can't figure out why. Is anyone familiar with how this >>> blacklist works and what I need to do to not get listed? >>> >>> They seem to hate sender verification - but I'm not going to give that up. >>> >> What do you mean by "sender verification".. .you mean challenge-response >> systems (ie: TMDA)? Or do you mean systems that connect back durring the >> MAIL FROM: phase and merely validate an address exists without >> delivering mail? >> >> If you mean challenge-response systems, then in my opinon you're a >> spammer and belong in a blacklist. >> >> > > Sender Verification is an Exim trick. What it does is start a sequence > where my server starts to send an email back to the sender address to > see if it's a real email account. But I do a quit after the rctp to: > command. If the receiving end says the user doesn't exist then I block > the email. > > I don't know if other MTAs support sender verification but if they > don't they should. It's a very good trick for blocking spam at connect > time.
That seems reasonable.. several ISPs do this now too (ie: verizon). Sendmail can do it with milter-sender too. That said, some folks still hate it because you're using some (very little) of their CPU and network to handle your spam. I personally think they're wound over-tight about it, but it can drive your IDS guy nuts. (IDS systems generally don't like sporadic seemingly useless connections, they look like someone trying to do slow recon.) I also don't think it really buys you that much, as most spam nowdays seems to use real deliverable addresses for the envelope. Do you have any stats on how well this works for you? I personally only do a MX (or implicit MX) check on the domain of the envelope sender.
