On Mon, Mar 24, 2003 at 11:31:39PM -0800, Chuq Von Rospach allegedly wrote:
As the site trying to decide on accepting, you can query that server
two questions: is "fluxmonger(_at_)yahoo(_dot_)com" authorized to send e-mail
from
your domain? and "is this IP address authorized to send e-mail for your
domain"?
risks/issues:
any server that does a yes/no on "is this a good address" risks leaking
those good addresses to spammers.
eRBL is a variant on this that I've discussed in other forums. The
idea is to reverse the question to be "is this a known bad address".
As the owner of the domain, you get to know about bad addresses
because you get the bounces. In effect, hostauth becomes a cache of
recent bounces to bogus addresses, for some value of recent.
The advantage of this approach is that it doesn't leak addresses and
cannot be used to list-wash.
Using your example, if someone is trying to send mail using
bin(_at_)plaidworks(_dot_)com, in very short order you'll start getting bounces
to that address because spammer lists are rarely perfect. As soon as
you get the bounce and the local delivery/forward fails, the address
gets added into your eRBL.
A query for any other email address returns NXDOMAIN regardless of
whether it's valid or not.
Regards.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg