[Mailman-Users] Has anyone actually implemented Postfix address verification for their sites?

Brad Knowles brad at stop.mail-abuse.org
Sun May 7 20:33:22 CEST 2006

At 1:49 PM -0400 2006-05-07, Christopher X. Candreva wrote:

>  This does not scale. Please do not turn this on.
>  If everyone did this, it would mean when someone forges my domain into a
>  spam run, my servers will be hammered by all these requests to verify this
>  bogus mail.

	Postfix AVE has some intelligence built-in.  Information about 
verification failures and successes is cached, and I think the 
positive and negative caching periods are separately configurable 
(with reasonable defaults).

	So, if someone forges your domain on a spam run, you'll get a lot 
of sites around the world who contact your server once per day (or 
once per hour, or however they're configured), and that's it.

	This is a much more scalable solution than might appear at first blush.

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.

More information about the Mailman-Users mailing list