On Fri, 19 Feb 2010 21:28:41 -0800 Scott Howard <scott@doc.net.au> wrote:
On Fri, Feb 19, 2010 at 5:20 PM, William Herrin <bill@herrin.us> wrote:
On Fri, Feb 19, 2010 at 3:30 PM, Rich Kulawiec <rsk@gsp.org> wrote:
Barracuda's engineers apparently think that using SPF stops backscatter -- and it most emphatically does not.
Reject gooooood, bounce baaaaaaad. [1]
Whine all you want about backscatter but until you propose a comprehensive solution that's still reasonably compatible with RFC 2821's section 3.7 you're just talking trash.
In the case of Barracuda's long history of Backscatter the solution is simple, and is implemented by most other mail vendors - it's called "Don't accept incoming mail to an invalid recipient".
Barracudas used to have no way of doing address validation for incoming mail, so they would accept it and then bounce it when the next hop (eg, the Exchange server) rejected the recipient address. They finally fixed this a few years ago, and can not integrate with LDAP (and possibly others) for address validation. Of course, it's still down to the admin to implement it...
FUD I had a couple of these when they first came out; it was a much cheaper alternative than the self-maintained postfix/spamassassin combination we were using at that point and proved to be just as efficient. Recipient validation was trivial, it was just not switched on by default. LDAP integration was also trivial. IIRC it was called exchange accelerator. -- John