Stefano Bagnara wrote:
The only thing you can do against this is to use a SPF entry
( www.openspf.org ) and hope the remote mailserver use SPF.
You could implement VERP!
This is not enough, anyway. You will also have to recognize incoming
messages destinated to non VERPed email addresses as delivery
notifications to remove them.
I'm not sure I follow. I was assuming that you only apply the VERP
technique to test incoming messages that are bounce messages. I vaguely
recollect that this is a problem in itself as not every mail agent uses
a standard for this.
Furthermore if people uses multiple SMTP servers to send messages out
then you will loose the bounces to messages they sent via others SMTP
servers not using VERP.
This could be overcome with each SMTP server accessing a shared database
of VERP entries. Realistically though, are there that many James based
server farms out there that would need to do this?
Unfortunately in SMTP there is no rule that the outgoing SMTP server
have to be the same of the MX server for the sender domain.
Which is precisely the problem with SPF. In SPF, you must list all
possible SMTP servers for your domain. This gets tricky when you are
using a third party to manage your address lists and they change the IP
address of their SMTP servers without telling you!
I must confess I don't use VERP (or SPF) to manage my spam. I rely
heavily on the Bayesian analysis code. Everything except mail from
authenticated users or from whitelisted addresses gets passed through
the filter and rejected if it doesn't pass. This way even so called
bounced messages get rejected if they don't look right.
David Legg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
