"Friends Only"

[Greg Borders]

Martin Hepworth wrote:
> Matt Hampton wrote:
>> Greg Borders wrote:
>>> Greetings list-mates,
>>>
>>> The PHB's have discovered the ability of some mail systems that require
>>> you to "validate" your address before they will accept messages, thus
>>> avoiding SPAM.  Example, surgemail has a "Friends System"
>>> http://netwinsite.com/surgemail/friends.htm, and eMoustTrap has a
>>> package that sits between the MTA and MUA and does the authentication.
>>>
>>> Yippie yay, now they want it too. -_-
>>>
>>> Without wanting to spark any further heated debates on 
>>> autoresponders, I wanted to query the group and see if there was any 
>>> slick bolt-ons for
>>> sendmail / MailScanner / Mailwatch out there that might take advantage
>>> of some whitelisting mechanisms we already have.  I can see 
>>> potential of
>>> a custom script within MailScanner that could send a subscribe/verify
>>> message, and then auto-add to a whitelist upon receiving a proper
>>> response from the human sender.
>>>
>>
>> Before you go down this router - try milter-sender (or I have a perl
>> replacement if you are interested) which checks that the email address
>> is accepted by the MX's for the domain before accepting it.  I have
>> found a 60% reduction in crud before it gets as far as MailScanner.
>>
>> I would highly recommend doing this even if you are wanting to go down
>> the auto responder route and I would also suggest that the auto
>> responder is placed AFTER MailScanner as it would ensure that the
>> majority of Spam is removed before sending more crap to the joe jobbed
>> addresses.
>>
>> You will also need to ensure that the email is sent from a different IP
>> than your outbound email as it will only take about a week before you
>> will be in SpamCop.
>>
>> Matt
>>
>>
>
> And of course this auto resonder 'annoys' people when they get the 
> autoresponder emailing them when they never sent you a message in the 
> first place..(bit like bouncing spam, autoresonders are a bad idea).
>
> http://spamlinks.net/prevent-secure-backscatter-fake.htm
> (for one of many good links on why bouncing spam/autoresponders are a 
> bad idea).
>
> Besides milter-sender there's also milter-ahead which checks the 'to' 
> address existing on your system (if you're not using sendmail see the 
> mailScanner wiki for your MTA on how to do this). Again using this 
> technique you can drop over 66% of inbound traffic...

Thanks for the replies fellas. I totally agree this is a bad idea.
I fully am aware of the milter techniques to reduce SPAM in general.  
(I'm using milter-greylist, and greet-pause features already.)

This is more along the lines of the PHP's seeing something they perceive 
as 'slick', and wanting it for themselves, not realizing the hornet's 
nest of autoresponder complications that can occur on the back end.  
I'll send the info up the line and let them sweat it out if they want to 
risk getting SpamCop-ed. Thanks for the link Martin, Great info/ammo for 
PHB's there. ^_^






--
This transmission may contain information that is privileged, confidential
and/or exempt from disclosure under applicable law. If you are not the
intended recipient, you are hereby notified that any disclosure, copying,
distribution, or use of the information contained herein (including any
reliance thereon) is STRICTLY PROHIBITED. If you received this transmission
in error, please immediately contact the sender and destroy the material in
its entirety, whether in electronic or hard copy format. Thank you.

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.