--On Friday, December 10, 2004 15:38 -0500 Paul G <paul@rusko.us> wrote:
----- Original Message ----- From: "Paul Trebilco" <ptreb@server101.com> To: <nanog@merit.edu> Sent: Friday, December 10, 2004 3:30 PM Subject: Re: verizon.net and other email grief
How so? Are you maybe confusing reject with bounce? If address verification takes place while the SMTP connection is still up, no forged adresses get messaged, at least not by the server doing the rejecting.
oh, so you would be ok with someone joe-jobbing you on their 1 million messages/day spam run and getting 1 million 'verification' connections to your mailserver farm?
Far less traffic than the bounces would create at both ends. Yes this doesn't prevent it from happening if the address is real, but that's why I mentioned SPF in my previous email......That helps to verify the sender can send email for a given domain, and if that passes, then you want to see if the sender exists, if both pass then you can go on to other methods. OF course I'd first check blacklists before any of this, but that's my personal preference.