"Friends Only"
mikea
mikea at mikea.ath.cx
Mon Oct 2 16:23:13 IST 2006
On Mon, Oct 02, 2006 at 03:55:17PM +0100, Martin Hepworth wrote:
> Matt Hampton wrote:
> > Greg Borders wrote:
> >> Greetings list-mates,
> >> The PHB's have discovered the ability of some mail systems that require
> >> you to "validate" your address before they will accept messages, thus
> >> avoiding SPAM. Example, surgemail has a "Friends System"
> >> http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a
> >> package that sits between the MTA and MUA and does the authentication.
> >> Yippie yay, now they want it too. -_-
> >> Without wanting to spark any further heated debates on autoresponders,
> >> I wanted to query the group and see if there was any slick bolt-ons for
> >> sendmail / MailScanner / Mailwatch out there that might take advantage
> >> of some whitelisting mechanisms we already have. I can see potential of
> >> a custom script within MailScanner that could send a subscribe/verify
> >> message, and then auto-add to a whitelist upon receiving a proper
> >> response from the human sender.
> > Before you go down this router - try milter-sender (or I have a perl
> > replacement if you are interested) which checks that the email address
> > is accepted by the MX's for the domain before accepting it. I have
> > found a 60% reduction in crud before it gets as far as MailScanner.
> > I would highly recommend doing this even if you are wanting to go down
> > the auto responder route and I would also suggest that the auto
> > responder is placed AFTER MailScanner as it would ensure that the
> > majority of Spam is removed before sending more crap to the joe jobbed
> > addresses.
> > You will also need to ensure that the email is sent from a different IP
> > than your outbound email as it will only take about a week before you
> > will be in SpamCop.
> And of course this auto resonder 'annoys' people when they get the
> autoresponder emailing them when they never sent you a message in the
> first place..(bit like bouncing spam, autoresonders are a bad idea).
> http://spamlinks.net/prevent-secure-backscatter-fake.htm
> (for one of many good links on why bouncing spam/autoresponders are a
> bad idea).
As regards autoresponders: if you autorespond to spam with forged
headers and envelope senders, those responses are:
o unsolicited
o bulk
o E-mail
which is how a great many mailadmins define spam.
You'll wind up in their bl[oa]cklists as a result, which I strongly
suspect is _directly_ contrary to the desires of your PHBs. At best,
Challenge/Response (or C/R) systems are not a _good_ idea, and in the
present environment, they're a Very Bad Idea Indeed.
--
Mike Andrews, W5EGO
mikea at mikea.ath.cx
Tired old sysadmin
More information about the MailScanner
mailing list