At 8:28 PM -0500 1/5/05, Michael Kaplan wrote:
There is still some concern that the bounces will "spam" innocent
people. If we arbitrarily guess
that 1 out of 50 forged spam return addresses represents a real
active account, and if we assume that bounces will only be sent back
to 5% of spams after filtering, then we would have a 'bounce spam'
problem that is only 1/1000th the size of the spam that is being sent out.
This is not even
taking into account the ease with which a bounce can be prevented
from reaching a user if that
user had not sent out the corresponding email. I do not believe
that this will be the flaw that sinks this system.
Bouncing 0.1% of all spam to random uninvolved people *by design* is
not an acceptable approach.
This is a big part of why I think it would be good to have this class
of system tried as an alternative to the existing email system
instead of as a variant intermixed with it. The response of many
non-ISP mail systems to a bunch of misdirected challenges would be to
simply stop taking mail at all from the sites emitting the
challenges. Maybe 80% of users and all of the big consumer ISP's will
be eager for that sort of approach, but it is fundamentally
incompatible with (and I expect would be shunned by) a sizable
fraction of existing mail systems and users.
--
Bill Cole
bill(_at_)scconsult(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg