On Sun, Apr 26, 2009 at 14:01, Adam Katz <antis...@khopis.com> wrote: > Charles Gregory wrote: >> On Fri, 24 Apr 2009, Adam Katz wrote:
> > The more pressing point (since fixing the one you mentioned is pretty > simple) is that when you use a call to a sender's MX record and either > use SMTP's VRFY command or pretend to begin a message, you're wasting > their bandwidth and even acting like a spammer yourself. > > In extreme cases, this is also an accidental DDoS attack. A spammer > aware of such mechanisms can use SAV-enabled servers LIKE YOURS to > purposefully launch DDoS attacks against whomever they're forging. > Yup, SMTP callbacks and challenge-response mechanisms are both major blights upon the internet. They're rude, they're prone to abuse, they're pushing your spam problem onto someone else's servers... and on and on. There's no excuse for using them. (and, frankly, whenever I get a stray challenge-response, I answer it ... and I'm not the only one, so that also means that challenge response mechanisms aren't reliable, exactly because you're pushing your spam solution onto someone else, and you have no idea what that someone else might do about it)
