From: "Gary Feldman" <gaf(_at_)rtr(_dot_)com>
...
Ultimately, requirements translate into user requirements, not
some technical point. Phrasing them technically as above
tends to obscure the real requirements.
So, for example, the real requirement is to be able to send
mail from one authorized address with a return address being
another authorized address, "authorized" being the operative
word. ...
That use of "authorized" is more of the same but worse, because it is
involves a misuse of technical jargon. The problem is that it
"authorized" is meaningless in this case. This is not a mere technical
quibble. You cannot "authorize" some but only some strangers. It is
as impractical (and undesirable in the larger context) for an ISP in
China to check that a user is "authorized" to use a return address in
the U.S. as it is for a hotel in China to check to see if a guest is
"authorized" to use a U.S. return address on a picture postcard.
Or to get closer to home and recent headlines, for a Hotmail user to
use an AT&T return address.
...
While that's often done, the real requirement is that the
sending computer have the authorization to send on behalf
of the purported (i.e. mail_from) domain -- or perhaps
it needs to be at the user level or some other granularity).
Yes, and the trouble is that in practice that cannot be implemented
without the forcing users to use return addresses matching their
sending IP addresses.
However, let me observe that a significant proportion of the
spam I receive can be rejected on the reverse DNS basis, while
only a tiny proportion of legitimate mail would result in a false
positive. So, while it's far from perfect, I don't agree
with your conclusion that it doesn't reduce spam, based on
my own personal empirical evidence.
My own empirical evidence and the evidence of others who object
more to not receiving legitimate mail than to receiving junk is
the opposite. However, I bet the numbers we are talking about are
the same. I bet your "tiny proportion" is several percent.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg