God save us from sysadmins
2003-10-25 00:57:50 GMT/BST
On Thursday I sent some mail to a friend. It didn't reach him. Just a few minutes ago he phoned me to say that it had been rejected by his mail server because it claimed to be from czr@gotland, and sendmail disliked the fact that it couldn't resolve the gotland domain name.
Rejecting mail from unresolvable domains a fairly common anti-spam measure. And a fairly stupid one.
Let's suppose for a moment that I'm a spammer. One of the things about email is that it's possible to make all sorts of claims about who you are, and they don't necessarily have to be true. That's the case with the sender. If I were a spammer, I could claim to be email@example.com if I wanted to, and in that case sendmail would perfectly happily accept the mail because it can resolve the microsoft.com domain name. So why would I claim to be sending from an unresolvable domain? The only possible reason is incompetence. So, by rejecting mail from unresolvable domains, you might succeed in weeding out a few incompetent spammers.
Now let's look at what happens to mail from legitimate senders. Again, I don't have any reason to claim to be sending from an unresolvable domain. (Well, actually that's precisely what I am doing, but I want to claim to be a resolvable domain so that there's somewhere for the bounces to go.) So, if I'm claiming to be from gotland, the only reason is that I'm incompetent. And incompetence is a quality shared by all humanity. So, by rejecting mail from unresolvable domains, you've also succeeded in rejecting some legitimate mail.
If you wanted to achieve that sort of result you might as well just pick mail at random and reject it.
God save us from spammers. God save us also from over-zealous sysadmins.