On Mon, 5 Sep 2022, Atro Tossavainen via mailop wrote:

Regarding the above, I have the following question:

What do you (and maybe other people on the list) think about such email
verification method ("abusing RCPT TO") used as part of:

a) mail receiving process - I'm thinking here for example about the Postfix
feature "reject_unverified_recipient" that checks sender's email using this
method before accepting (or rejecting, if sender's email doesn't verify) the
message (see http://www.postfix.org/ADDRESS_VERIFICATION_README.html ). Some
other MTAs have similar features too, there are also milters that do this.

Yes, Sender Address Verification is abusive as well because it causes
the systems doing it to woodpecker on anybody whose addresses are forged
as senders in spam.

I agree with Atro here.

b) website registration process - some time ago I was maintaining some
website where people often mistyped their email addresses. Due to the
nature of the website the typical "click on confirmation link that
arrives via email" approach could not be used

List members will probably argue eloquently for why "could" is the
wrong word to use here. I don't mean there is anything wrong with
your grammar, your language is perfectly fine.

anything except the registration form). So I included the code that did the
email verification ("abusing RCPT TO") upon form submission, and in case of
a verification failure, asked the user to correct the address.

...potentially causing some users not to be able to fill in the form
at all if the receiving email system was aware of such attempts and
refused to serve them. ;)

Do you think using this method of email verification in such cases
is OK or not?

Atro appears to object to this use. I disagree.

Arguably this is less expensive than "double opt in", which is doing a similar thing.

He may be right that some systems will recognise and block sites that
do this sort of verification.
One way around that might be for the
final step to be to send the applicant a copy of their completed form.
If this bounces, then you ask them to correct the address.
Of course, if they give *someone else's* email (whether by accident or deliberately) you have just mailed personal data to a third party ...

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
