[Asrg] enough about backscatter
Rich Kulawiec
rsk at gsp.org
Fri Jan 16 06:04:29 PST 2009
On Sat, Jan 17, 2009 at 12:40:48AM +1200, Franck Martin wrote:
> It is standard to do that at the end of DATA. And it is best to do it there than later.
Well, you can also do it much earlier. I reject the overwhelming majority
of mail (>95% of all rejections) before DATA, based on connecting IP,
connecting IP's rDNS, putative sender, recipient, and so on. "Reject
early, reject often" is one way I've jokingly put it -- after all,
once something has demonstrated that it's actively malicious, there's no
point in even bothering to stick around for the data: 5XX it, hang up,
and move on.
---Rsk
More information about the Asrg
mailing list