The Underscore Archives

Oliver Humpage wrote:
> on 13/3/08 15:19, Edward Ross at underscore at rosstech.biz wrote:
> 
>> Good question - we have a web interface where you can manually add a
>> sender to allow these mails to come through.
> 
> Problem is, for a lot of sites you've no idea where they're going to send
> from until they've sent it... even the sender domain can be a bit random.

True - but you see the mail in the blocked contacts page and allow it. 
Its really easy - and you only have to do it occasionally for new services.


> Personally, I'm firmly in favour of placing no onus on the sending party: be
> that human intervention, or even something as automated as greylisting. It's
> always easier to correct your own systems than try to explain to someone
> else that their server is "broken".

That's a matter of taste and I see your point. But I do find our system 
very effective.  I believe that if someone genuinely wants to contact 
you, its not much effort to authenticate. Its undeniably more hassle, 
but so are all security measures.  I wish I didn't have to have locks on 
my doors, or passwords on my computers - life would be quicker and easier.

> 
> The only thing that can cause us problems is that we do strict HELO checking
> - that is, a sending server must issue a fqdn or an IP in square brackets in
> the EHLO statement or I reject them. You'd be surprised who gets it wrong...
> real.com, blackbox.co.uk amongst others. But it cuts out 1/3 of spam
> immediately, because infected home machines almost always send their
> hostname, not a fqdn.

Interesting! I could imagine that rather than blocking those users 
entirely you could challenge them with Tonsho.  How does that sound?

> 
> Oliver.
> 
> 
>