Callback verification

The first step is to establish a successful SMTP connection to the mail exchanger for the sender address.

(One widespread interpretation implies that the MAIL FROM/RCPT TO pair of commands should also respond the same way, but this is not stated by the RFCs.)

Callback verification is abusive[1] and can lead to blocklisting of the server, the domain or the IP block.

The documentation for both postfix and exim caution against the use[2][3] of this technique and mention many limitations to SMTP callbacks.

In many cases this in turn helps originator system to detect the problems, and fix them (like unintentionally not being able to receive valid bounces).

The three hosts involved in an SMTP callout verification. If the address is not forged, the sender and the MX server may coincide.