Hei, On Wed, Jun 10, 2009 at 09:29:06AM +0200, Ralf Hildebrandt wrote: > > I'm looking for a tool that can handle confirmation emails with > > captcha and that works with postfix. > > > > The idea is, when somebody sends me an email and this address have > > never sent me any other mail, automatically the sender receives a > > message with a web link, explaining that is the first that it sends > > mail to me and need to authenticate. > > This is a backscatter source and will get you blacklisted in no time.
Hmm, what would be if someone use a policy server, rejecting the mail with the link for the captcha URL in it. Then the target mail server does not create backscatters for this purpose. Just I don't know if there is an already existing solution like this one. Also, I think not only sender should be validated, since spams almost always fake sender addresses, I usually get spams with senders of my friends/relatives I usually get legitim mails from too. Maybe the source IP address (or based on the source by parsing received lines in the header) should be checked too, though many mail providers has multiple outgoing mail servers, so it can an issue ... But I guess this is the same problem we have with greylisting as well. -- - Gábor
