IP address reputation, BorderWare

Kevin Miller Kevin_Miller at ci.juneau.ak.us
Thu Mar 22 23:30:05 CET 2007

Scott Silva wrote:

> While I don't think that it is as bad as spammers, it does seem like
> throwing gasoline on the fire. Say I get 1000 bad addresses. I have
> just doubled that by verifying. If I got one million, now there is 2
> million. And you aren't punishing the spammer. You are punishing the
> poor server that was spoofed. 

Granted, it's not optimal, but I think it's the lesser of various evils.
What I can't fathom is why so many companies (even big ones like AOL)
bounce spam, or send NDRs to the forged from.  I'd much rather my server
receive a recipient verification request, than an NDR to one of my users
that clearly didn't send the original.  Sigh.

> There needs to be a smart verifier that does a dns lookup first to
> see if the mail even came from a valid ip address for that domain
> BEFORE it even considers doing a verify. That would drop a lot of the
> crap without punishing poor Mr. Innocent's  server.

You mean like, er, SPF?

Kevin Miller                Registered Linux User No: 307357
CBJ MIS Dept.               Network Systems Admin., Mail Admin.
155 South Seward Street     ph: (907) 586-0242
Juneau, Alaska 99801        fax: (907 586-4500

More information about the MailScanner mailing list