Marc Perkel wrote:
I'm using Exim which caches sender verification results so if the attacker uses a single forged address it would only result in a callout ever 2 hours or so.
You really didn't read that page, did you? Yes, it works well for you. But if everyone is doing it, it will fail. This isn't the ARPAnet, and we no longer know the other 52 sites personally. -- Jo Rhett Network/Software Engineer Net Consonance
