"Friends Only"
Martin Hepworth
martinh at solidstatelogic.com
Mon Oct 2 15:55:17 IST 2006
Matt Hampton wrote:
> Greg Borders wrote:
>> Greetings list-mates,
>>
>> The PHB's have discovered the ability of some mail systems that require
>> you to "validate" your address before they will accept messages, thus
>> avoiding SPAM. Example, surgemail has a "Friends System"
>> http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a
>> package that sits between the MTA and MUA and does the authentication.
>>
>> Yippie yay, now they want it too. -_-
>>
>> Without wanting to spark any further heated debates on autoresponders,
>> I wanted to query the group and see if there was any slick bolt-ons for
>> sendmail / MailScanner / Mailwatch out there that might take advantage
>> of some whitelisting mechanisms we already have. I can see potential of
>> a custom script within MailScanner that could send a subscribe/verify
>> message, and then auto-add to a whitelist upon receiving a proper
>> response from the human sender.
>>
>
> Before you go down this router - try milter-sender (or I have a perl
> replacement if you are interested) which checks that the email address
> is accepted by the MX's for the domain before accepting it. I have
> found a 60% reduction in crud before it gets as far as MailScanner.
>
> I would highly recommend doing this even if you are wanting to go down
> the auto responder route and I would also suggest that the auto
> responder is placed AFTER MailScanner as it would ensure that the
> majority of Spam is removed before sending more crap to the joe jobbed
> addresses.
>
> You will also need to ensure that the email is sent from a different IP
> than your outbound email as it will only take about a week before you
> will be in SpamCop.
>
> Matt
>
>
And of course this auto resonder 'annoys' people when they get the
autoresponder emailing them when they never sent you a message in the
first place..(bit like bouncing spam, autoresonders are a bad idea).
http://spamlinks.net/prevent-secure-backscatter-fake.htm
(for one of many good links on why bouncing spam/autoresponders are a
bad idea).
Besides milter-sender there's also milter-ahead which checks the 'to'
address existing on your system (if you're not using sendmail see the
mailScanner wiki for your MTA on how to do this). Again using this
technique you can drop over 66% of inbound traffic...
--
Martin Hepworth
Senior Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
More information about the MailScanner
mailing list