At 14:59 17/05/2002 -0400, Keith Moore wrote:
> > 1. it's a non-starter to force senders to submit to/relay through any
> > particular host or hosts. people can and do send mail from
> > anywhere, and this is essential functionality.
>
> Providing a list of authorized senders is a sender-side choice. As such,
> this is an elective system and has to be recognized as one.
right. but it's an elective system that has significant barriers to
actually being used.
Why? The only reasonable argument I've seen against it is your 'wanting to
send mail through any server' argument. For 99% or more users, this won't
be an issue.
> BUT, providing this kind of information is as beneficial to the sender as
> it is to the recipient.
right, but it only works for senders who always use the same relays.
As the vast majority of people do.
> So rather than looking at this in terms of ~"can I reject mail from
> senders without MS RRs?" (the answer to that is "no"), the appropriate way
> to look at this is ~"can the owner of a domain use this to prevent
> forgeries from their domain" and "can the recipients use this as a
> supplemental method for killing spam" (the answer to both of those
> questions is "yes").
the answer to the first of the questions is "no, not in general".
the answer to the second question is "yes, but it won't make much
of a difference unless most of the sources of spam use it"
It would make a difference if the *faked* sources of spam use it. Eg if
Hotmail use it, then spammers will no longer be able to use @hotmail.com
addresses on their spam, because they're not relaying through Hotmail's
servers.
Paul VPOP3 - Internet Email Server/Gateway
paul(_at_)pscs(_dot_)co(_dot_)uk http://www.pscs.co.uk/