[Mailman-Developers] Fixing DMARC problems with .invalid munge
Ian Eiloart
iane at sussex.ac.uk
Wed May 21 18:14:59 CEST 2014
On 17 May 2014, at 04:08, John Levine <johnl at taugh.com> wrote:
> Everyone I know who's tried to do spam filtering by SMTP callbacks to
> verify sender addresses has stopped,
Not me.
> for the dual reasons that it
> doesn't work, and it's abusive.
It is helpful, we get almost no complaints. Complaints are usually resolved by the fixing of the third party sender. NOREPLY addresses may be rejected, but not usually until after DATA: at which point we’ve already dropped the callout connection.
And, it’s not abusive if appropriate SPF checks are done first: obviously, you don’t do the callout if you get an SPF fail. A callout with an SPF pass isn’t abusive: if the domain sent me an email, then it should be able to handle a callout.
If there’s no SPF record, then the domain isn’t protected: publishing SPF records will protect against excessive callouts. For SPF neutral or softfail results, a similar argument applies: the domain isn’t properly protected.
--
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148
More information about the Mailman-Developers
mailing list