[y2ksw]

Quote:

Originally Posted by pedigree

Sure it could but the problem with a single source of active SMTP scanning is that mail servers could just block connections or worse, tarpit them by reducing the TCP window size to 0, therefore just killing any scanning machine thats busy and invalidating any results, possibly timing out causing unhandled errors... if I ran a mail server and had it hit by a non-stop mail scanning site, it would get the tarpit treatment.

Right. However we have to start at some point, and if we had the fear to move against spammers, we shouldn't move at all. I'm aware of the risks, but at the end we are not sending any email, and just try to find out if the mailbox exists, with a simple mail conversation which may come any time from any server. It doesn't mean we are spammers, and those who protect do know. The point of one source is easy to understand - it is a start project and every server is an expense, I'm sure you know. And on the other hand it never will be only one source, because once everybody starts to share, spammers are defeated from many places. And in fact this is the only way.

Quote:

Take gmail for example, it waits to the end of the conversation before rejecting email addresses. This could pass email testing but be an invalid email address. Other sites will just accept everything and bin non-valid recipents later. Lets not forget (and I havent looked at the source) you can have a mail server running without a MX record. stopforumspam.com does tests to govern if an email is a valid format but it doesnt connect to a remote server to test if we got a 220/451/452 result code.

GMail seems to handle email as any other server. The few cases an email results valid but effectively isn't will be handled by the mail server. But if you ever had a forum with thousands of users and frequent email bounces just because they don't care even to register, you will also understand that a basic connection test isn't the worst thing. In fact this is what many people ask for: more reliable email addresses.

Quote:

A single point for email scanning isnt a great method, as much as I like making it hard for spammers. By doing active scanning, your results are skewed by the remote end which you have no control over. vBulletin already has a method for controlling email validity, in that you must confirm a registration. For those sites without email confirmation, well, they deserved to get spammed really. While this doesnt stop a member registering to that point and hoping that their details will still be visible somewhere, email tests could be done on your server in a more distributed manner. There is no reason why those results couldnt then be submitted to a central site for further testing.

We have to build that. As far as I know there is no public database where to look at if an email address is valid and existing. It is rather the contrary, since otherwise the spammers could just download that database and send spam to 1.000.000.000 world-wide users instead of only 1.000.000 at a single time.

Quote:

Im not trying to rag on anyones effort, god knows I had enough myself when I released my mod but Im just playing devils advocate

We can share experiences, databases, code. But it must be us to start the fight, waiting for other people to join and actively help will take a long time. Since your site is already up for quite some time (a year or so), you will know how much it takes, unless you already had a lot of helpers.