> > Giampaolo Tomassoni wrote:
> > > anyone knows of a SA plugin to score mails based on challenging the
> > > sender e-mail?
> > >
> > > I don't mean C/R, but instead just attempt an SMTP session in order to
> > > see if the source mailbox is known to the sending domain's MX. If it
> > > isn't, the plugin applies a score to the e-mail.

> > -----Messaggio originale-----
> > Da: John Rudd [mailto:jrudd@ucsc.edu]
> > Doing it at the MTA is called "Sender Address Verification", and isn't
> > considered to be that much better than C/R (it doesn't clutter a
> > forged-sender's mail box, but it can bog down a forged-sender's mail
> > server with verification requests).

On 22.07.07 16:22, Giampaolo Tomassoni wrote:
> Well, it may be. I know, however, that a lot of people is doing this at the
> MTA level in order to reject mails with forget sender.

I am really curious how do they behave when there's forged sender and both
MTA's use this. Either they will cycle forever (so they will never know if
either address is OK), or they will stop checking (so the spam will pass
because spammer forged domain with SAV implemented) or the mail (even
legitimate!) just will not pass...

Once I'll try this on two or more such systems (in parallel!) and see if
they will DoS each other...

> Also, SAV's drawbacks may probably be mitigated by caching the results.

I don't think so. The problem with first connection will still defeat the
whole system... at SA level it may be much worse because your computer will
spend much more CPU cycles when checking it.

Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows 2000: 640 MB ought to be enough for anybody