Before deciding whether and how to use sender address verification, you should be aware of its limitations.
Both standard and strict methods suffer from the following limitations:
mailfromd
options to find an optimal configuration.
Mailfromd
eliminates this drawback by using a
cache database, which keeps results of the recent callouts.
mailfromd
assumes it is OK. However in reality, a mail for a
remote address can bounce after the nearest MTA accepts the
recipient address.
This drawback can often be avoided by combining sender address verification with greylisting (see Greylisting).
yahoo.com
’ do not
reject unknown addresses in reply to the ‘RCPT TO’ command, but report a
delivery failure in response to end of ‘DATA’ after a message is
transferred. Of course, sender address verification does not work with such
sites. However, a combination of address verification and greylisting
(see Greylisting) may be a good choice in such cases.
In addition, strict verification breaks forward mail delivery. This is obvious, since mail forwarding is based on delivering unmodified message to another location, so the sender address domain will most probably not be the same as that of the MTA doing the forwarding.