I'm reading the archives on ADSP and haven't seen anyone pitch the idea
that on verification failure, we could have the message in question
BCC'd to the domain owner's administrator for review.

I am a teenager with a lot of spare time, so I'm going to send thousands
of random messages forging your domain, so you get copies of all of them.
Perhaps inventing yet another channel for indirect mailbombing is not a
This is not a hypothetical issue -- my abuse.net domain is forged enough
that I've gotten 400,000 useless bounces in one day to random addresses in
the domain. It would not have been useful to get 400,000 more helpful
notifications to my postmaster address.
By the way, I'm one of the authors of ADSP, and in my opinion, ADSP
discardable is completely useless. There are indeed domains whose mail is
such a phish target that it's worth losing a few real messages to get rid
of all the phishes, but ADSP is not an effective way to find out who they
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
Please consider the environment before reading this e-mail. http://jl.ly