Sendercallouts (Sender Verify / SAV) - Why it is abusive

This is for all persons who think SENDER CALLOUTS are viable.

We will explain why we consider sender callouts abusive.

RFC821 knows the command VRFY for testing an emailaddress exists.
Due to spammers were abusing the VRFY command for dictionary attacks, most administrators have chosen to disable VRFY.
If an administrator has disabled VRFY then it is his policy to not allow testing for email addresses.
You are an abuser if you connect to his system and try to break or circumvent that policy by going up to RCPT TO for testing an email address exists.

Sender callouts are a selfish and broken technique abusing other systems to prevent you get spoofed emails.
As soon as you use such nonsense, any spammer out there is able to cause your computer system to be part of a DDOS [distributed denial of service attack] against other computer systems.
If some idiot was to fake the “From” in a spam to be YOU@YOURDOMAIN.TLD [an email address on your server] and send about 30 million spam emails out like that, what do you think will happen?

Your server will have to deal with several million bounces, but additionally also deal with millions of VERIFIERS.

The problem is not that one connection you do to verify an emailaddress, you have to be aware that millions of other abusive systems will try to verify the same emailaddress you are trying to verify within a short timeframe, which can easy lead to a DDOS against the poor victim of a forgery.

We don’t think you will find it so cool when you get e.g. 200,000 connection attempts per minute from other abusive servers worldwide, which are "ONLY" probing your email address to see if it is deliverable or not ...
This is the logic behind our reasoning, and to us there is no difference between computer systems trying to send email to spamtraps or computer systems that are "only" probing our spamtraps ...
There is no logical reason why we should spend additional resources for distinguishing between the two, we know that it will be nothing we want to have :-)

And even worse for you:
Sender verifications can easily break your email connection as follows:

Your computer system tries to send an email to ABC@EXAMPLE.TLD
If EXAMPLE.TLD does the same ‘verify’ nonsense as you, they will say:
451 Unverified Sender --- try later
But your computer system also does 451UNVERIFIED Sender back to EXAMPLE.TLD

You might end up in a loop where each computer system wants to "VERIFY" the other system first.... until your email expires ...

That logically means: You lost the game :-)

We hope that you will see this can only work when you would be the only person on the planet doing so ...

All that you can learn with such "verification" is whether a computer system would accept email from you at the time of connection, after which the answer is out-dated.
Your IP address could e.g. be blacklisted and therefore a connection not be accepted ..
It is NOT an indicator that an email address exists and it is also NOT an indicator the person really sent you anything - It could still be a fake from somewhere else ...

Unfortunately there are a lot of such lame techniques being used out there by people who really have no idea what they are doing and in a worst case scenario can be using a broken technique :-)