[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

David F. Skoll dfs at roaringpenguin.com
Tue Mar 26 17:09:30 EDT 2013


On Tue, 26 Mar 2013 13:45:31 -0700 (PDT)
kd6lvw at yahoo.com wrote:

> --- On Tue, 3/26/13, David F. Skoll <dfs at roaringpenguin.com> wrote:
> > Attempting to deliver to nonexistent recipients is by far the most
> > common cause of backscatter, and doing an SMTP call-forward on the
> > ultimate destination is a simple and cheap way to avoid this.

> Point noted, but your response seems to assume (or at least I infer)
> that no other measures to prevent backscatter are implemented.  At
> the point that this remote check can be performed, one has already
> passed the point where an SPF check (and other similar methods) has
> occurred (or can), and if failed, has probably been rejected during
> the SMTP transaction thus meaning that this remote check will not be
> performed.

SPF is completely useless in the following sense: Rejecting mail because
of SPF "fail" will absolutely cause valid mail to be rejected.  You (and I)
may say "Tough luck for domains that publish broken SPF records", but for
some reason our customers don't see it that way.

Because it is not practical to reject messages because of SPF fail,
you have no choice but to guard against backscatter.  And while an
LDAP or other form of directory lookup is the superior approach,
real-world constraints often limit you to using an SMTP call-forward.

> In my opinion, a message with other than an SPF fail is a candidate
> for a DSN, although I always reject during the SMTP transaction when
> possible.  If a domain or hostname manager has not chosen to protect
> his message source with SPF, that's his problem - because he's
> effectively saying that he doesn't care about receiving backscatter
> (or with SPF softfail, wants it), or is too ignorant on how to
> properly run a mail server and needs a lesson.

That may well be your opinion, but that's because you don't have
paying customers who rely on you to relay their mail.  It's very easy
to be cavalier with your own email; not so easy with tens of thousands
of end-users.

Regards,

David.
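The SMTP call-forward discussed in this message, sketched as an added example (not part of the original post and not MIMEDefang's own code): the relay replays MAIL FROM and RCPT TO against the final-destination server and refuses unknown recipients during its own SMTP transaction, so it never has to generate a bounce. The `call_forward` and `FakeBackend` names, the addresses, and the CONTINUE/REJECT/TEMPFAIL labels are assumptions of this example; the backend is a constructed stand-in so the block runs offline.

```python
import smtplib, socketserver, threading
KNOWN = {"alice@example.com"}  # constructed mailbox list for the fake backend

class FakeBackend(socketserver.StreamRequestHandler):
    """Constructed stand-in for the final-destination server (not a real MTA)."""
    def handle(self):
        self.wfile.write(b"220 backend.example ESMTP\r\n")
        for raw in self.rfile:
            cmd = raw.decode().strip()
            if cmd.upper().startswith("RCPT TO:"):
                addr = cmd[8:].strip().strip("<>").lower()
                reply = "250 OK" if addr in KNOWN else "550 5.1.1 User unknown"
            elif cmd.upper().startswith("QUIT"):
                self.wfile.write(b"221 Bye\r\n")
                return
            else:
                reply = "250 OK"
            self.wfile.write(reply.encode() + b"\r\n")

def call_forward(sender, recipient, host, port, helo="relay.example", timeout=10):
    """Ask the destination whether it would accept RCPT TO; DATA is never sent."""
    try:
        with smtplib.SMTP(host, port, local_hostname=helo, timeout=timeout) as s:
            s.helo()
            code, msg = s.mail(sender)
            if code // 100 == 2:
                code, msg = s.rcpt(recipient)
    except (OSError, smtplib.SMTPException) as exc:
        # Backend down or misbehaving: defer, so the sending MTA retries later.
        return "TEMPFAIL", f"call-forward failed: {exc}"
    text = msg.decode(errors="replace")
    if code // 100 == 2:
        return "CONTINUE", text   # recipient exists, keep processing
    if code // 100 == 5:
        return "REJECT", text     # refuse at RCPT time, so no DSN is ever generated
    return "TEMPFAIL", text       # 4xx from the backend: pass the deferral on

def demo():
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeBackend) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        port = srv.server_address[1]
        rcpts = ("alice@example.com", "nobody@example.com")
        out = [call_forward("s@example.org", r, "127.0.0.1", port)[0] for r in rcpts]
        srv.shutdown()
    # The listener is closed now, so this probe hits an unreachable backend.
    return out + [call_forward("s@example.org", rcpts[0], "127.0.0.1", port)[0]]

if __name__ == "__main__":
    print(demo())
```

An unreachable backend maps to TEMPFAIL rather than CONTINUE, since accepting mail while the check is unavailable reopens the backscatter path for unknown recipients.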


