From: wayne <wayne(_at_)midwestcs(_dot_)com>
...
I run exim with "sender_verify_hosts_callback" enabled. This causes
exim to connect back to the sending domain and uses a "MAIL FROM:<>",
"RCPT TO:<envelope_from(_at_)sending(_dot_)domain>" pair off commands to make
sure a potential bounce would be accepted.
It rejects quite a bit of email, but probably 60-80% of the spam
passes the test.
...
One reading of that is that 60-80% of spam is not "forged."
Of course, that
- assumes most sending system answer 5yz for invalid users. We know
Yahoo answers Rcpt_To with 250 for some invalid addresses.
- ignores accounts that have been terminated but cannot honestly
be said to be "forged" when used by previous spammer owners.
- interprets the claims that most spam is "forged" as meaning the
the forgery is of invented sender addresses.
Tha last is reasonable, because if much mail were forged with valid
addresses, then you would expect to receive more than the rare spam
bounce....yes, of course some spam certainly is forged and some
addresses such as @somewhere.com get more than rare spam bounces.
I'm belaboring the obvious because I'd like to get the myth that most
spam is forged squashed before the spam problem is ended.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg