Kelson wrote:
Matt Kettler wrote:
That said, some folks still hate it because you're using some (very
little) of their CPU and network to handle your spam.
Also, a large number of verifications (say, because someone has been
sending lots of spam with forged headers) looks suspiciously like a
dictionary attack.
Exactly. In effect what sender verification does is cause your server
to perform the dictionary attack instead of the spammer.
Say im a spammer. I send messages to [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], etc and see which ones are accepted to gather valid
addresses.
With sender verfication, spammer now sends messages to
[EMAIL PROTECTED] with a return address of [EMAIL PROTECTED],
[EMAIL PROTECTED], etc. Your server does the sender check to see if
[EMAIL PROTECTED] exists. Your server is doing the work for the spammer now
and looks exactly like a dictionary attack. This could (and does) very
easily get you onto several blacklists.
Sender verification? Not for me, thanks.
-Jim
