LMAP is supposed to be checking the IP of the connected client against DNS.
Unless they can forge a TCP connection with the MTA without seeing any of
the traffic, they can't pull that off with LMAP going. Now, if they were
actually fastmail.fm users, that would be another story. In particular, I
think dealing with that falls under the umbrella of 'local policy'.
LMAP will never eliminate all cases of forgery - which actually has a
rather nasty side-effect. Think of it as the "survival of the fittest"
in action. If something like LMAP was universally adopted, any spam
mechanism not affected by it would be "encouraged", so to speak.
So, which cases would not be affected by LMAP? Now, in addition
to all the "non-forged" methods (disposable accounts, rogue ISPs and so
on) there is the following:
A spammer gains access to a compromised computer, and determines
the mail address of the owner of the machine. The spam is then
sent out in the name of the owner of the machine, just as if
the real owner was actually pressing the keys.
In other words, widespread implementation of LMAP (which would be a good
thing) would lead to more compromised machines (which would be a bad
thing) ;-)
--
Fridrik Skulason Frisk Software International phone: +354-540-7400
Author of F-PROT E-mail: frisk(_at_)f-prot(_dot_)com fax:
+354-540-7401
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg