At 12:03 PM -1000 3/5/03, Clifton Royston wrote:
This is only a few months old, but it does, nicely and carefully, a
lot of what people are discussing or asking for.
* In verifying the sender address, it gets as far as connecting, doing
MAIL FROM: <> and verifying a 250/5xx for the RCPT TO, then does a RSET
on the machine it is verifying it on before disconnecting.
This verifies that the mail from is valid, or is at an ISP that
doesn't do front-line checking of user validity. If it becomes wide
spread then spammers have two obvious solutions.
1. Use real from addresses from real users (but not the spammers of
course). This is already happening some, this just makes it worse.
2. Assemble lists of of mail servers that don't immediately validate
users, but say "yes" to everything. At which point of course, some
RBL will be set up to blacklist such servers :-).
I'd put this in the category of techniques that work well only
because they aren't widely deployed.
--
Kee Hinckley
http://www.puremessaging.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg