On Sat, Dec 30, 2006 at 02:10:14PM +0000, Paul Waring wrote:
> I've seen a lot of announcement/verification emails (such as Amazon
> orders) which go out from an address that does not exist - presumably
> such emails would be blocked by sender verification?
Yes. Sender callout verification is basically this:
% swaks -q RCPT -f '<>' -t [EMAIL PROTECTED]
=== Trying master.debian.org:25...
=== Connected to master.debian.org.
<- 220 master.debian.org ESMTP Exim 4.50 Sat, 30 Dec 2006 14:22:32 +0000
-> EHLO keid.carnet.hr
<- 250-master.debian.org Hello keid.carnet.hr [161.53.160.10]
<- 250-SIZE 62914560
<- 250-PIPELINING
<- 250 HELP
-> MAIL FROM:<>
<- 250 OK
-> RCPT TO:<[EMAIL PROTECTED]>
<** 550 unknown user
-> QUIT
<- 221 master.debian.org closing connection
% swaks -q RCPT -f '<>' -t [EMAIL PROTECTED]
=== Trying master.debian.org:25...
=== Connected to master.debian.org.
<- 220 master.debian.org ESMTP Exim 4.50 Sat, 30 Dec 2006 14:22:49 +0000
-> EHLO keid.carnet.hr
<- 250-master.debian.org Hello keid.carnet.hr [161.53.160.10]
<- 250-SIZE 62914560
<- 250-PIPELINING
<- 250 HELP
-> MAIL FROM:<>
<- 250 OK
-> RCPT TO:<[EMAIL PROTECTED]>
<- 250 Accepted
-> QUIT
<- 221 master.debian.org closing connection
Based on (an integrated implementation of) that behaviour, Exim makes it
possible to reject mails (at SMTP time, not via a bounce), or put the result
of the check in a variable an pass it on in a header (where you can e.g.
make SpamAssassin score on it).
> You could argue perhaps that the people sending out these emails shouldn't
> be doing this, or that developers shouldn't be using @debian.org addresses
> for that purpose, but it's not quite as clear cut as not being able to
> reply means that you don't want to receive an email.
Well, as with all automatic anti-spam measures, it's an issue of ratio -
whether the number of unverifiable senders that are also spam sufficiently
exceeds the number of unverifiable senders that are wanted. For years now,
I have observed the latter in negligible ranges. Obviously, YMMV.
People who got false positives were instantly notified, and they didn't
complain too much. Again, YMMV.
BTW, really popular systems that send out gobs of autogenerated legitimate
e-mails generally tend to switch to using verifiable addresses because they
notice that they can't deliver to people using sender verification.
Anyway, the simple fact that this is a matter of choice makes this whole
discussion moot - if someone wishes to do it, they can; if they don't,
they are perfectly free to avoid it.
--
2. That which causes joy or happiness.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
