From: "Mark Delany" <tcrcn-6ugsc(_at_)qmda(_dot_)emu(_dot_)st>
...
The problem with that is that Hotmail, Yahoo, and most of the rest of
the owners of the domain names that appear in SMTP Mail_From senders
in the majority of spam instruct their DNS servers to always answer
"yes, a.b.c.d authorized" for any and all IP addresses.
I doubt it. They suffer hugely from bogus addresses in their domain
space ...
What evidence is there for that assertion? Logic and all of the
evidence I've seen contradicts it.
As far as I can tell almost all free mail providers not only
allow but encourage their users to send their mail using the
ISPs that provide connectivity.
Not so. Especially given that most of the free providers still get a
lost of their revenue stream from having eyeballs look at their web
pages while composing and sending email.
People provide 10 or more times as many opportunites to be shown ads
as they check and read their mail than when they compose mail.
Evidence of this is that port 25/110 access - when provided by
freemail providers - is now mostly only done so on a fee basis to
compensate for lost eyeballs (admittedly that's also an anti-abuse
strategy but it's not the only reason).
What evidence is there that abuse and still other issues such as port
25 filtering and the administrative hassles of configuring port 110
are not the only reasons for their charging for port 25/110 access?
...
That is true, but I don't think you should under-estimate the benefit
freemail providers perceived in a designated sender scheme. I do work
for a large provider and speak to others - the bad press, the abuse
load and the bounceback loads are significant factors that add to the
appeal of developing and deploying a workable DS scheme.
If you work for a large *free* provider, could you provide some
measurements in support of your claim that free providers "suffer
hugely from bogus addresses in their domain space"? How much of the
use of free provider addresses can honestly be said to be "forged?"
Emu.st does not seem to be a large provider, free or otherwise. That
suggests your use of emu.st instead of an address at your employer
might be an example of what many foolishly and falsely term "forgery."
Even if not, your use of emu.st is an example of the market forces
that render moot any and all proposals that would have the free
providers validate their users by DNS or other means. We can afford
the monetary and other costs of vanity domains, but most people are
stuck with free providers. The size of the market for the weak
anonymity provided by the free providers is too large.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg