ietf-asrg

Re: [Asrg] 0. General - Inquiry about CallerID Verification

2003-11-30 00:33:45

----- Original Message ----- 
From: "Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
To: "Hector Santos" <winserver(_dot_)support(_at_)winserver(_dot_)com>
Cc: "Alan DeKok" <aland(_at_)ox(_dot_)org>; "ASRG" <asrg(_at_)ietf(_dot_)org>
Sent: Sunday, November 30, 2003 1:28 AM
Subject: Re: [Asrg] 0. General - Inquiry about CallerID Verification

There is nothing in the current IETF email standards that requires (1)
the sender's system to operate a valid MTA that responds to RCPT TOs for
the email account that is sending the email, and (2) must not accept
RCPT TOs to *any* address at its domain. For example, some domain owners
use "catch alls" also to accept all incomings, which is perfectly legit,
OR ISPs such as Yahoo that are doing this to stop harvesting and
dictionary attacks.

Yakov, they are delaying the validation until the DATA state. They are
probably using Pareto's principle that suggests that most of their spammers
are TOO stupid to change their SMTP software to interpret the DATA results.
<g>

What I would like to do, is to go through the SMTP model step by step,
analyzing loopholes, and see what can be tightened and improved. Then
from there we can figure out which proposals can work.

Hope to see a good job. <g>

I'm available for technical review.

---
Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com
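
An added illustration, not part of the original message or of any ASRG proposal: a small offline model of what an RCPT TO-only callback check can conclude against the three receiver behaviours mentioned in the thread (strict rejection, catch-all, validation deferred to DATA). The policy functions, user set and function names are constructed for this example.

```python
import secrets

USERS = {"alice", "bob"}  # constructed mailbox list for the simulated domain

# Each simulated receiver returns (rcpt_reply_code, data_reply_code).
def strict_mta(users, local):
    """Rejects unknown mailboxes at RCPT TO."""
    return (250, 250) if local in users else (550, None)

def catch_all_mta(users, local):
    """Accepts every address at the domain (a legitimate catch-all)."""
    return (250, 250)

def deferred_mta(users, local):
    """Accepts every RCPT TO and only validates the mailbox at DATA."""
    return (250, 250 if local in users else 550)

def callback_verify(mta, users, sender_local):
    """Classify a sender address using RCPT TO replies only.

    A callback stops before DATA, so the DATA reply is never observed.
    A random control address shows whether a 250 at RCPT TO means anything.
    """
    control = "probe-" + secrets.token_hex(8)  # local part that should not exist
    sender_rcpt, _ = mta(users, sender_local)
    control_rcpt, _ = mta(users, control)
    if sender_rcpt >= 500:
        return "rejected"
    if control_rcpt < 300:
        return "inconclusive"  # receiver accepts any RCPT TO: no signal
    return "verified"

def delivered(mta, users, local):
    """What a full delivery attempt (through DATA) would report."""
    rcpt, data = mta(users, local)
    return rcpt < 300 and data is not None and data < 300

if __name__ == "__main__":
    for name, mta in [("strict", strict_mta), ("catch-all", catch_all_mta),
                      ("deferred", deferred_mta)]:
        for local in ("alice", "forged"):
            print(f"{name:9} {local:6} callback={callback_verify(mta, USERS, local):12} "
                  f"delivered={delivered(mta, USERS, local)}")
```

Against the deferred-validation receiver the callback is inconclusive for a forged address even though a full delivery to it would fail, which is the gap the thread describes.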
