ietf-asrg
[Top] [All Lists]

Re: [Asrg] 0. General - Inquiry about CallerID Verification

2003-11-28 13:58:33
At 3:39 PM -0500 11/28/03, Yakov Shafranovich wrote:
Hector Santos wrote:
YAHOO.COM,  AOL.OCM and others accepts "billions" of mail therefore might
deem it necessary to delay any mail validation process.  Again, it does not
mean it doesn't work.    It means, these guys are the PROBLEM, but anyone in
the mail server business knows that.   You are comparing it against the
AOL.COM, YAHOO.COM, etc.  Yet, in the same breath,  I read how these guys
are trying to define or hijack your efforts.

There is a reason to their madness - it discourages spammers from harvesting email addresses. Also, nothing prevents the spammers from doing the same thing for their domains.


Such behavior is also not restricted to large consumer/recreational ISP-like mail systems. Many corporate mail systems have exterior SMTP faces that live on machines with no knowledge of the interior environment except how to get mail to it. The outside bastion mail servers deal with basic filtering, but have no way to know whether a particular address is valid or not. This is a simple security issue: machines with exterior exposure are not allowed to carry or even query confidential databases like the list of valid user names. There are arguments on all sides of this sort of configuration, but no amount of recommendation by an I[RE]TF body will change it.


--
Bill Cole bill(_at_)scconsult(_dot_)com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>