Re: forged bounces, was [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.

2005-06-01 22:27:18
> The next step is to have a special bounce filter on the other end to
> stop innocent people from receiving spam induced bounces. The filter
> would recognize an incoming bounce and only pass it on to the user's
> inbox if that user had recently sent an email to the source of the
> bounce.

You've almost reinvented BATV there.  It puts a signature hash in the
bounce address in outgoing mail, and rejects bounces that don't have
the hash.  I've used this for a while and it works very well.  Trying
to match bounce sources is hopeless; if you write to
john.smith@foocorp.com you're likely to get responses from
jsmith@foocorp.com or mailer-daemon@hostingcompany.com, with no
consistency at all to the addresses.

But I don't see what this has to do with challenges, since they don't
look like bounces.  They're ordinary mail, sent in bulk and (for the
majority due to forgery) unsolicited, i.e. spam.

R's,
John
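
The tagging scheme described in the message above, as an added example that is not the poster's code or the BATV draft's reference code. The `prvs=` tag layout (key digit, three-digit expiry day, six hex digits of an HMAC-SHA1) is modelled on the BATV Internet-Draft; the key, lifetime, function names and addresses are constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed demo values; a real site keeps its keys private.
KEYS = {0: b"constructed-demo-key"}   # key number -> secret
CURRENT_KEY = 0
LIFETIME_DAYS = 7                     # assumed validity window for a tag

TAGGED = re.compile(r"prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)@([^@]+)",
                    re.ASCII | re.IGNORECASE)


def _mac(key_id, day, addr):
    """First 6 hex digits of HMAC-SHA1 over key digit, expiry day and address."""
    msg = f"{key_id}{day:03d}{addr.lower()}".encode()
    return hmac.new(KEYS[key_id], msg, hashlib.sha1).hexdigest()[:6]


def sign(addr, today):
    """Tagged envelope sender for mail sent on `today` (days since the epoch)."""
    local, domain = addr.rsplit("@", 1)
    expiry = (today + LIFETIME_DAYS) % 1000
    mac = _mac(CURRENT_KEY, expiry, addr)
    return f"prvs={CURRENT_KEY}{expiry:03d}{mac}={local}@{domain}"


def verify_bounce(rcpt, today):
    """Return the original address for a validly tagged bounce recipient, else None."""
    m = TAGGED.fullmatch(rcpt)
    if m is None:
        return None                   # untagged: no mail of ours used this sender
    key_id, expiry = int(m.group(1)), int(m.group(2))
    addr = f"{m.group(4)}@{m.group(5)}"
    if key_id not in KEYS:
        return None
    if not hmac.compare_digest(m.group(3).lower(), _mac(key_id, expiry, addr)):
        return None                   # tag was not produced with our key
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return None                   # day numbers wrap at 1000; tag has expired
    return addr
```

The check depends only on the recipient address of the bounce, so it does not matter which host or mailbox the bounce comes from.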
