Kelly Jones wrote: > To fight spam, I want to validate the address (not necessarily in > real-time) of the a given email sender.
1: SMTP sender validation is controversial as it increases load on innocent mail servers. (This can result in effective DDoS attacks against non-large systems.) 2: Using this type of sender validation can make *your* server look like an address probe. It can also make your server connect to spam traps. This means that the validation can get *your* server blacklisted. 2: Don't verify at RCPT TO as this could create a loop condition between two SMTP servers. 3: Since this is a SpamAssassin list you really should ask if it can be done in SpamAssassin. It can. I've got an experimental SpamAssassin plugin for this. > A more sophisticated tool would cache results, My plugin does this. It also excempts addresses looking like mailing list bounce addresses from the checks. And it only does the checks if the result has the possibility opf changing wether SA considers the message as spam or not. > handle temporary failures And this. > Plus, I'd prefer to > use a tested tool vs hacking something up myself. My plugin works here, but I consider the whole concept as experimental, controversial and higly questionable. I have no idea wether the plugin works in any setup except ours and I will not give any support to anyone using it. This does make use of it almost the same as hacking something up yourself. My SA plugins are at <http://whatever.frukt.org/>. Regards /Jonas -- Jonas Eckerman, FSDB & Fruktträdet http://whatever.frukt.org/ http://www.fsdb.org/ http://www.frukt.org/
