This is a discussion on RE: Any mailbox-challenge plugin? - SpamAssassin ; > > and isn't > > considered to be that much better than C/R (it doesn't clutter a > > forged-sender's mail box, but it can bog down a forged-sender's mail > > server with verification requests). >=20 > Well, ...
> > and isn't
> > considered to be that much better than C/R (it doesn't clutter a
> > forged-sender's mail box, but it can bog down a forged-sender's mail
> > server with verification requests).
> Well, it may be. I know, however, that a lot of people is doing this
> MTA level in order to reject mails with forget sender.
Correct. That alone does not justify it though.
> Also, SAV's drawbacks may probably be mitigated by caching the
Yes but only in common cases. If someone really wants to hurt you and
uses SAV to achieve a DOS, he will succeed regardless of caching.
> > I wouldn't expect a sender verification plugin for SA to be any
> > liked than doing it at the MTA level.
> I don't mind to do something more polite with MXes or better effective
> its equivalent at the MTA level. I would like not to trash incoming
> solely because they failed a SAV check, thereby I would need a SA
> plugin for
My personal recommendation: I used SAV several years with EXIM and
simply added a header with the SAV result. This header was scored in SA
with a custom rule. No plugin necessary. I stopped using it completely
without any noticable increase in SPAM though. I have to admit though
that I switched it off the same time I switched on "Barricade MX" which
is a magnificent small proxy you install in front of your MTA. There
really is no need in SAV at the moment so my recommendation would be not
to use it.=20