Duane Hill wrote:
On Thu, 29 Mar 2007, Marc Perkel wrote:
John D. Hardin wrote:
Can anyone recommend a non-abusive way to validate email addresses?
Yes - Sender Address Verification (SAV) works very well. It is not
abusive. Especially the way Exim implements it.
That could very well be in your scenario. In my scenario, I deal with
over 4.5 million messages per day and a SAV against MSN, AOL or the
such would get my servers blocked within 24 hours. I use to use SAV
until I started getting blocked by Hotmail. Within 24 hours, our
server had attempted verification on over 24,000 messages.
Not to throw the message way off topic. What other special way does
Exim do to verify? Ultimately you would have to make a server
connection to verify. Otherwise you would be playing the guessing game.
Exim caches the results of verify calls for several hours so repeat
calls are kept local. It also does a trick to determine if the host will
take any address and if it determines the host will take any address it
doesn't do a callout again.
Another things I do is I verify the recipient before I verify the
sender. Generally spammers are doing a dictionary attack using both fake
senders and recipients. So if the recipient doesn't exist then I don't
verify the sender.
I also do all my blacklist tests first and many other tests to eliminate
spam so sender verification is way down the line. That way I do avoid
unnecessary callouts to other servers.
So - it works very well for me. The only complaints I get are from the
SAV Nazis who hide themselves from public scrutiny.
