Charles Gregory wrote:
> On my system I also have SMTP-callbacks, so if the envelope sender is
> not deliverable ...

I read recently that that's a Bad Thing (and I'm leaning on agreeing):
http://www.backscatterer.org/?target=sendercallouts

Sure, you can justify it with CAN-SPAM mentality (you're required to
facilitate one transaction for the opt-out, etc), but it's an
interesting point nonetheless.

I had (once upon a time) thought about implementing a system where it
uses a series of fail-overs, so e.g. try DKIM, then SPF, then SAV
(Sender Address Verify, a.k.a. Sender callouts, a.k.a.
SMTP-callbacks).  This means that SAV would not be used for any domain
that already has DKIM or SPF.  Since I also have greylisting in front
of all of that, that would make the invasive SAV calls far more rare
and targeted mostly at legit senders rather than forged ones.

Thoughts?

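The fail-over order described in the message above (DKIM, then SPF, then SAV, with greylisting in front), as an added example that is not part of the original post. It only selects which check to run and does no verification or network I/O; the function names, the sample domains and messages, and the rule that "has DKIM" means a DKIM-Signature header whose d= equals the envelope sender's domain are assumptions.

```python
import re
from email import message_from_string

# Constructed sample data (hypothetical domains): TXT records per sender domain.
TXT = {
    "spfonly.example": ["site-verification=abc", "v=spf1 ip4:192.0.2.0/24 -all"],
    "bare.example": [],
}
# Constructed message with a folded DKIM-Signature header (tag values shortened).
SIGNED_MSG = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=signed.example; s=sel1;\n"
    "\th=from:subject; bh=AAAA; b=BBBB\n"
    "From: alice@signed.example\n"
    "Subject: hello\n\nbody\n"
)
UNSIGNED_MSG = "From: bob@bare.example\nSubject: hi\n\nbody\n"


def dkim_domains(raw_message):
    """Return the lowercased d= domain of every DKIM-Signature header."""
    found = set()
    for value in message_from_string(raw_message).get_all("DKIM-Signature", []):
        tags = re.sub(r"\s+", "", value)          # unfold and drop whitespace
        match = re.search(r"(?:^|;)d=([^;]+)", tags)
        if match:
            found.add(match.group(1).lower())
    return found


def publishes_spf(domain, txt_records):
    """True if the domain has a TXT record that is an SPF version 1 policy."""
    records = (r.lower() for r in txt_records.get(domain, []))
    return any(r == "v=spf1" or r.startswith("v=spf1 ") for r in records)


def choose_check(envelope_from, raw_message, txt_records, greylist_passed):
    """Pick the one check to run for this sender: DKIM, then SPF, then SAV."""
    if not greylist_passed:
        return "defer"        # greylisting sits in front of everything else
    sender = envelope_from.strip().strip("<>")
    if not sender:
        return "none"         # null sender (a bounce): no address to call out to
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in dkim_domains(raw_message):
        return "dkim"         # message is signed by the sender's own domain
    if publishes_spf(domain, txt_records):
        return "spf"
    return "sav"              # only domains with neither DKIM nor SPF get a callout
```

A message that carries another domain's signature but claims a sender at a domain with neither DKIM nor SPF still falls through to `sav`, which is the case the backscatterer.org page linked above is concerned with.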