On 11/28/2003 12:39 PM, Yakov Shafranovich sent forth electrons to convey:
Hector Santos wrote:
YAHOO.COM, AOL.OCM and others accepts "billions" of mail therefore
might
deem it necessary to delay any mail validation process. Again, it
does not
mean it doesn't work. It means, these guys are the PROBLEM, but
anyone in
the mail server business knows that. You are comparing it against the
AOL.COM, YAHOO.COM, etc. Yet, in the same breath, I read how these
guys
are trying to define or hijack your efforts.
There is a reason to their madness - it discourages spammers from
harvesting email addresses.
It's a poor excuse. There are ISPs that detect harvesting attacks and
when they do, deal with it - some then refuse even email to valid
addresses. They can refuse the email without stating or otherwise
giving away the information that the reason for refusal is email to a
nonexistent account. IMO, MAIL FROM: <> needs to be deprecated in favor
of refusal during SMTP. There is no compelling reason to delay the mail
validation process. It provides no benefit that cannot be met with
immediate validation, barring the super-secure bastion host scenario
Bill Cole mentions, which could be resolved with some work. (I should
admit - I don't do what I preach, as the provider I choose to have host
my domain does accept spam that I'd prefer it refuse during SMTP, but I
have pushed them to fix the problem, and they do refuse a good fraction
of the spam during SMTP.)
I forget whether SpamAssassin supports what we're currently calling
CallerID Verification. It has NO_DNS_FOR_FROM: Domain in From header
has no MX or A DNS records, but I think it doesn't have the full
CallerID Verification.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg