And in answer to your third question -- of _course_ misdirected bounces
are a problem, and you know my solution.
Actually, we don't. Is it the same as Johann's laughable "solution";
the equivalent of running SpamAssassin?
I don't see the relevance of
the question in this context though, since SPF and CSV don't even
attempt to address it.
The context is SRS (as it states in the subject) not really SPF or CSV.
They will prevent bounce-spam in a tiny minority
SRS does not prevent bounce-spam "in a tiny minority of cases", it
completely eliminates it. I am eliminating 80,000+ per day using SRS
signing and have not had a single spam report from a user since
implementation that involved a fake DSN.
SRS signing COMPLETELY eliminates fake-DSN spam, and without the
possibility of rejecting a real one. I am not saying "probably", I
am saying it DOES. I've been doing it for quite some time now.
SpamAssassin (or any heuristics, as Johann suggested) running on fake
DSNs won't catch any more than it does on any other mail (less than
80% here now) and will be subject to false positives, which would
REJECT a REAL DSN, which is a FAR worse problem. The repercussions
of rejecting a real DSN are much worse than accepting some fake-DSN spam.
-- but that much would be achieved by _any_ mechanism which
would cause the mail to be rejected up-front instead of being accepted
and then bounced. SpamAssassin probably does more to prevent bounce-spam
than SPF and CSV do.
More than SPF and CSV, yes. Not more than SRS. SRS has a perfect
record for fake-DSN spam on my server, after a couple YEARS of
running in excess of 1.5 million messages per day, I have had zero
complaints of lost real DSNs and zero complaints of fake-DSN spam.
Tx3 Online Services
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com