[Mailman-Users] Has anyone actually implemented Postfix address verification for their sites?
Brad Knowles
brad at stop.mail-abuse.org
Sun May 7 20:33:22 CEST 2006
At 1:49 PM -0400 2006-05-07, Christopher X. Candreva wrote:
> This does not scale. Please do not turn this on.
>
> If everyone did this, it would mean when someone forges my domain into a
> spam run, my servers will be hammered by all these requests to verify this
> bogus mail.
Postfix AVE has some intelligence built-in. Information about
verification failures and successes is cached, and I think the
positive and negative caching periods are separately configurable
(with reasonable defaults).
So, if someone forges your domain on a spam run, you'll get a lot
of sites around the world who contact your server once per day (or
once per hour, or however they're configured), and that's it.
This is a much more scalable solution than might appear at first blush.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
LOPSA member since December 2005. See <http://www.lopsa.org/>.
More information about the Mailman-Users
mailing list