ietf-asrg

Re: [Asrg] Position paper, in zipped HTML

2003-03-16 21:17:53
John R. Levine wrote:

Are we supposed to enumerate every possible permutation of our addresses
for the convenience of spammers?  Even if we permit domain wildcards
(something the DMA strenuously resists with e-MPS), it's still an
absurd task, and given the reality of dictionary attacks, spammers
will still make up addresses faster than we can opt them out.

We have a similar situation - our spamtrap domains were previously used by our company. For a variety of reasons, we "leaked" literally thousands of variations on the theme "user@<host>.domain", but ignored "<host>" in our mail infrastructure. Thus, any user had a virtually infinite number of aliases. In practise, many people had as many as 30 or more get scraped and spammed. Not to mention <employeeid>@domain, <firstname.lastname>@domain etc.

Domain-wide opt-out is crucially necessary for this to fly at all. Enumerating even one variation of each user's email address in an opt-out list would both be impractical (dozens, if not hundreds of updates per day), and get me shot by Security.

But domain-wide opt-out is the most problematic getting acceptance. John remembers our trip to the DMA...

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg