Post by Ian Eiloart Post by Peter Bowyer Post by Ian Eiloart
Actually, the only thing 'Perkel specific' here is the objections that
are being raised. Had anyone else started this thread, I don't believe
those objections would have been raised.
It's certainly not unusual to discuss the merits of implementing certain
features that Exim provides. Indeed, it's quite common for people to
reply "you should not do that" in response to a "how to question".
True, but the merits or otherwise of sender callbacks are a path
well-trodden - a bit like the SPF example that Nigel quotes in the
list info on the wiki.
Perhaps. I've not checked, but I don't recall any discussion of RBLs
listing (or claiming to list) servers *because* they do sender address
verification callouts. I'm grateful to Marc for alerting us to this. I also
think its interesting to find out something about the RBL, and the people
behind it (including what disinformation is out there).
So, I think this thread has been useful, and would have died already were
it not for the unnecessary complaints.
The two lists I mention UCEPROTECT and APEWS block people who do sender
verification callouts. And they have manually added me to the list
because I'm standing up to them about it. If you search google you'll
find that they started blocking Verizon for the same thing.
The reason I know that they manually entered my data into their system
is that they list specific IP addresses of mine that I used for dummy MX
records that they claim to have received activity from when I know that
there has never been a computer on those IP addresses. That why I'm
trying to hunt these people down and expose them. I'm pretty sure at
this point that APEWS is just a front for UCEPROTECT allowing them to do
more mischevious stuff than they would do under their company name.
Here is the policy of UCEPROTECT
*What we consider abusive too!*
Spamming is not the only thing that can get your IP address or netblock
Actually following techniques are considered abusive too, even if some
seem to become or are very popular;
SRS (Sender Rewriting Scheme)
<http://www.uceprotect.net/en/index.php?m=10&s=12>, Sender callouts
(Verifys) <http://www.uceprotect.net/en/index.php?m=10&s=13>, Virus
reports <http://www.uceprotect.net/en/index.php?m=10&s=14>, Backscatter
Simply use common sense before using any new technique. If a technique
or procedure is capable of causing your computer system to be part of a
DDOS against others, you would be better not use it.
*Please read the submenus to get an idea what you should prevent to do.
The thing is with Exim sender verify is extremely light and it works
really well when done correctly. And Exim - thanks Phil - does it
correctly, and then some. I welcome sender verification calls myself
because it keeps spammers from wanting to use domains that I host as
fake from addresses which greatly reduces the load on my servers. Sender
Address verifiction works.
So - when someone is adding people to spam block lists like me and
Verizon because we use SAV then that's an issue that is worth discussing.
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/