telling spammers 4xx or 5xx doesn't matter, they don't listen.

yes, but interestingly, every "smtp transport" (remote ip address who
connects to your tcp/25 service) who ignores 5XX (which you can tell
because they come back and try the same thing again over and over) is
either a spammer or the output side of a proxy (which might be hard
to detect). so it turns out that ignoring 5XX is like sending up a
flare, "blackhole me!".

Exactly this is the flawed point about returning 4xx. They produce
only collateral damage, but don't hit their target at all.

but they can feel self-righteous, which is probably the major goal.

(susan, this is in a spam related thread but i'm adding offtopic remarks
which i think are actually in-charter for nanog. --pv)

Verizon does SMTP callbacks, connecting back to the MX of the envelope
sender and trying to verify that the user exists.

while something like RMX or MAILFROM would probably be a more robust
alternative, verizon's actions are not irrational on a purely cost:benefit
basis when the costs and benefits being measured are only their own.
however, cost and benefit are not isolatable in that way, and folks who
try to isolate them end up causing others to pile workaround on top of
workaround until the whole system is just gum and mud.

if verizon wanted to jointly sponsor a clearinghouse of email senders who
had passed the callback test, with appropriate caching and error analysis
and robust global mirroring, i'm sure that there would be other isps and
large e-mail carriers who would want to help, and i'm sure that authors of
mail software, both opensource and not, would want to offer the feature of
checking such an "ephemeral sender whitelist" (ESW?).

but as long as verizon acts alone, they're just hurting themselves, and
the overall system. consider what would happen if everybody did callbacks;
first, what would happen to the load on the world's nonabusing mail servers,
and then, what would the spammers do in response if this was effective?
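
The point made earlier in this message, that a transport which keeps retrying the same thing after a 5XX stands out, can be checked against reject logs. The following is an added example, not part of the original post; the log format, field names and function name are assumptions made for illustration, and the sample lines are constructed.

```python
import re

# Constructed sample lines in a made-up log format (assumption, not a real MTA's):
# timestamp, connecting ip, envelope sender, recipient, SMTP reply code.
SAMPLE_LOG = """\
2003-12-10T10:00:00 client=192.0.2.10 from=<x@example.net> to=<bob@example.org> reply=550
2003-12-10T10:00:05 client=198.51.100.7 from=<list@example.com> to=<bob@example.org> reply=451
2003-12-10T10:01:00 client=192.0.2.10 from=<x@example.net> to=<bob@example.org> reply=550
2003-12-10T10:02:00 client=203.0.113.9 from=<y@example.net> to=<amy@example.org> reply=550
2003-12-10T10:02:30 client=192.0.2.10 from=<x@example.net> to=<bob@example.org> reply=550
2003-12-10T10:15:05 client=198.51.100.7 from=<list@example.com> to=<bob@example.org> reply=250
2003-12-10T10:20:00 client=203.0.113.9 from=<y@example.net> to=<amy@example.org> reply=550
2003-12-10T10:30:00 client=192.0.2.10 from=<x@example.net> to=<bob@example.org> reply=550
"""

LINE_RE = re.compile(
    r"^(\S+) client=(\S+) from=<([^>]*)> to=<([^>]*)> reply=(\d{3})$")


def find_5xx_ignorers(log_text, min_repeats=3):
    """Return {ip: repeats} for clients that resent an envelope already refused with 5XX.

    A 4XX followed by a retry is normal queueing behaviour and is not counted.
    As the post notes, a flagged ip may also be the output side of a proxy.
    """
    rejected = set()   # (ip, sender, rcpt) envelopes that have received a 5XX
    retries = {}       # same key -> attempts seen after that first 5XX
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, ip, sender, rcpt, code = m.groups()
        key = (ip, sender.lower(), rcpt.lower())
        if key in rejected:
            retries[key] = retries.get(key, 0) + 1
        if code.startswith("5"):
            rejected.add(key)
    offenders = {}
    for (ip, _sender, _rcpt), n in retries.items():
        if n >= min_repeats:
            offenders[ip] = max(offenders.get(ip, 0), n)
    return offenders


if __name__ == "__main__":
    print(find_5xx_ignorers(SAMPLE_LOG))
```

The sketch has no time window, so on long-lived logs the threshold should be applied per day or per rotation interval.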