----- Original Message -----
From: "Bart Schaefer" <schaefer(_at_)brasslantern(_dot_)com>
To: <asrg(_at_)ietf(_dot_)org>
Sent: Monday, December 01, 2003 4:26 AM
Subject: Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID
Verification)
On Dec 1, 3:51am, Hector Santos wrote:
}
} For ESMTP V2.0 Servers:
}
} Compliant servers must support VRFY as a way to validate return address.
That doesn't address the issue (pun?). See my example of MTA1 sending to
MX2, which tries to verify the address using MX1.
I did. I saw nothing there. See my reply which outlines the logic you
described.
Unless you impose the additional requirement that MX1 be able to verify
all addresses that may
originate from MTA1, it doesn't matter whether you use VRFY or RCPT.
Nothing to impose, its already part of the specification. The RETURN PATH
is a REQUIREMENT for proper SMTP operations. period. You don't have it, it
presents improper operations and spammers have exploited this hole!
All you have basically shown is that there is a scalability issue.
That is true. But more importantly it will be become a redundancy issue
more than anything else, because once it works, there will be a lot of
redundant checks against valid addressing which then says that maybe it
could fall back to a LMAP method where you just validate the domain.
---
Hector Santos, CTO
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg