On Mon, Apr 24, 2023 at 10:44:47AM +0200, Jasper Spaans via mailop wrote: > We're seeing quite some postfix PREGREET errors in incoming smtp traffic > from hosts claiming to be emailage.com (by lexisnexis). Does anyone know > whether this is just a dressed up list washing service, or would it be > worthwhile for our customers if we start whitelisting them?
I'm still investigating, but my PRELIMINARY understanding is that this is a poorly-thought-out "service" run by Lexis-Nexis. If that understanding is wrong, and five minutes from now it may turn out to be, then I apologize. But: I believe it's trying to use SMTP callbacks to verify email addresses, and that's abusive -- as well as pointless. We went through this 20+ years ago when Verizon foolishly deployed them as a putative anti-spam measure even though they have no anti-spam value whatsoever. Nor do they have any anti-phish, anti-fraud, or anti-anything-else value. Those of us [1] who analyzed them at the time pointed out the inherently abusive nature of this as well as how it could readily be used to conduct third-party attacks. I haven't re-read those message threads in a long time -- because I thought that we'd put enough stakes through the heart of this terrible idea that it would never rise again -- but perhaps that was wishful thinking. ---rsk [1] Myself, the late Bruce Gingery, and if memory serves, Steven Champeon, among others. _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop