IP address reputation, BorderWare

Scott Silva ssilva at sgvwater.com
Thu Mar 22 23:57:58 CET 2007


Kevin Miller spake the following on 3/22/2007 3:30 PM:
> Scott Silva wrote:
> 
>> While I don't think that it is as bad as spammers, it does seem like
>> throwing gasoline on the fire. Say I get 1000 bad addresses. I have
>> just doubled that by verifying. If I got one million, now there is 2
>> million. And you aren't punishing the spammer. You are punishing the
>> poor server that was spoofed. 
> 
> Granted, it's not optimal, but I think it's the lesser of various evils.
> What I can't fathom is why so many companies (even big ones like AOL)
> bounce spam, or send NDRs to the forged from.  I'd much rather my server
> receive a recipient verification request, than an NDR to one of my users
> that clearly didn't send the original.  Sigh.
> 
>> There needs to be a smart verifier that does a dns lookup first to
>> see if the mail even came from a valid ip address for that domain
>> BEFORE it even considers doing a verify. That would drop a lot of the
>> crap without punishing poor Mr. Innocent's  server.
> 
> You mean like, er, SPF?
> 
> 
> ...Kevin
Yes ... like SPF but without all the people who have ~all in their records!


-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!



More information about the MailScanner mailing list