From: Markus Stumpf <maex-lists-spam-ietf-asrg(_at_)Space(_dot_)Net>
...
Why do some spammers curently test 10,000 arbitrary user names at many
domain names to see if they are valid with either Rcpt_To "vrfy" or
trial spam?
What evidence do you have they do?
I can't see this happen. We host about 10000 domains and we do log VRFY
commands. I see about one VRFY a day and and checking the session it's not
from spammers but someone using a telnet connection to speak SMTP and
playing around.
I see almost no use of the SMTP VRFY or EXPN commands. Instead I and
many others see uses of the SMTP RCPT_To command (sometimes followed by
DATA) to get the same effect as VRFY. Note that sendmail does not
normally log RCTP_To commands used in place of VRFY.
...
I have yet to see a reason why spammers should honor an opt-out list at all.
Spammers vary. Some don't want to offend prospective customers and
see everyone as a prospect. Others don't have as as much foresight
and don't care if they offend non-customers.
...
Discussing opt-out list strategies is IMHO a waste of time.
I think "arranging deck chairs on the Titanic" fits. It's not a
complete waste, but so far the benefits seem unlikely to be enduring.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg