ietf-asrg

Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.

2005-06-11 10:33:28
The filter I was describing was not meant to apply to every form of
automated or mass emailing.  It specifically applied to challenges
sent in response to an email that had just been sent.
So if someone forgot to whitelist this mailing list, then I'd get a
challenge from his mailer.

Well, if it's competently done, the listowner would get a challenge.
As you point out

(Ever posted to bugtraq and seen the number of idiots with broken
vacation programs subscribed there?)

"competently done" is rarer than it ought to be in such fields.  I've
actually started using a black-hole address in the headers when posting
to bugtraq because of exactly that effect.  I may drop bugtraq soon,
though, because (1) the broken-autoresponder problem is so annoying,
(2) their sending mailer is severely broken in another way (it retries
5xx-rejected messages) and they don't seem to care, or at least haven't
fixed it despite my doing my best to point it out at least twice, and
(3) I haven't found myself doing anything but glance-and-delete with
bugtraq mail in a while.

Okay, rant over. :-/

So you are claiming "It's OK to send challenges to bogus mail because
there's a way for the victim (recipient) to filter them out"?  How
does that differ from a spammer claiming "I put ADV: at the beginning
of my Subject headers so it's easy to filter them out if you don't
want them"?  Spam is spam, and if you auto-send email in response to
forged messages, you're spamming.

Ah, but *my* mail is okay, because I'm not selling anything.  Um, I
mean, because it's just challenges, to keep my mailbox clean.  Er, that
is, because my heart's in the right place.  Rather, it's only a tiny
quantity of messages, only a few a day....

There seem to be a disturbing number of people who seem to actually
take some such stance.  I've had at least two go-rounds with people who
try to do unauthorized relaying through my mailserver and can't seem to
understand why I find *their* relay attempts just as abusive and
unacceptable as anyone else's.  (Most recently this was SORBS; before
that it was the clowns behind eu.net.)

Speaking of which, my "mail" spam-sink seems to be catching a low level
(maybe two a day) of what appear to be open-relay probes, and my other
defenses are seeing the occasional SMTP address-space scan attempt.
Perhaps spammers don't think open relays are as dead as common wisdom
thinks they are.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse(_at_)rodents(_dot_)montreal(_dot_)qc(_dot_)ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg