1.3.1 Limitations of Sender Address Verification

Before deciding whether and how to use sender address verification, you should be aware of its limitations.

Both standard and strict methods suffer from the following limitations:

• The sender verification methods will perform poorly on highly loaded sites. The traffic and/or resource usage overhead may not be feasible for you. However, you may experiment with various mailfromd options to find an optimal configuration.
• Some sites may blacklist your MTA if it probes them too often. Mailfromd eliminates this drawback by using a cache database, which keeps results of the recent callouts.
• When verifying the remote address, no attempt to actually deliver the message is made. If MTA accepts the address, mailfromd assumes it is OK. However in reality, a mail for a remote address can bounce after the nearest MTA accepts the recipient address.

  This drawback can often be avoided by combining sender address verification with greylisting (see Greylisting).

• If the remote server rejects the address, no attempt is being made to discern between various reasons for rejection (client rejected, ‘HELO rejected’, ‘MAIL FROM’ rejected, etc.)
• Some major sites such as ‘yahoo.com’ do not reject unknown addresses in reply to the ‘RCPT TO’ command, but report a delivery failure in response to end of ‘DATA’ after a message is transferred. Of course, sender address verification does not work with such sites. However, a combination of address verification and greylisting (see Greylisting) may be a good choice in such cases.

In addition, strict verification breaks forward mail delivery. This is obvious, since mail forwarding is based on delivering unmodified message to another location, so the sender address domain will most probably not be the same as that of the MTA doing the forwarding.