Keith Moore wrote:
any auto-responder is going to create some collateral spam.
there's no way around that.
If enough forgeries are rejected before they can hit their
victims incl. auto-responders, then the spammers will use
other addresses in their reverse paths. And then it would
be again "some damage" instead of the "huge damage" today.
If that's impossible the huge damage would force users to
delete anything which might be "collateral spam" without
manually checking it, and that would be the end of SMTP as
we know it.
[bounces-to vs. sender]
that's not the essence of the problem.
IBTD, and after Bruce mentioned RfC 733 here I looked into
it. It's the same concept of sender as in STD 10: "a MAIL
command indicating the sender of the mail", "a reverse-path,
which specifies who the mail is from".
MAIL FROM is fundamentally the address where bounces go. It
is NOT necessarily any of the source, the sender, or the
originator.
You need another net or another way to transport mail before
the 1st Internet MTA for differences. MAIL FROM is what the
name says, fundamentally the same idea as the RfC 733 sender.
it's extremely important that you understand this.
Maybe we could join Bruce and Dave in their time travel, when
they fix RfCs starting with 733. But actually I'm happy with
the old MAIL FROM sender concept, if it's not abused as an
arbitrary "bounces-not-to-me" address by spammers.
I had about 180,000 of these "collateral spams" too many for
my V.90 connection to a POP3 mailbox with a catch-all vanity
host, before an IP-based MAIL FROM protection scheme stopped
this.
Bye, Frank