On Sun, 1 Jun 2003, Scott Nelson wrote:
Suppose that all challenges included the Message-Id: of the
quarantined message in it's In-Reply-To: and/or References: header.
(like all DSNs should - grrr)
Then as long as mail clients can recognize message-ids they've created,
it's a simple matter to accept any you've generated, and discard any
that you haven't. (Handy for those forged return address bounces too.)
There are millions of e-mail clients that don't even generate Message-IDs
and In-Reply-To: headers, let alone record the ones on sent mail.
If I name Lotus Notes and Eudora as examples, that's probably a two-digit
percentage of all e-mail for starters (Notes being the biggest-selling
enterprise e-mail system, and Eudora being second in popularity to Outlook
on the desktop). Both have been that way for decades. If C/R won't work
unless the vast majority of people upgrade their e-mail client, then I don't
see much hope for it.
As an aside... SpamAssassin with Bayesian filtering is so good that it's
weeks since I last had a false positive, and I've had only a handful of
spams in the same period, all for products that apparently hadn't been
spamvertised before.
mathew
--
Journal and other stuff at <URL:http://www.pobox.com/~meta/>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg