On Jun 1, 2006, at 5:18 PM, Walter Dnes wrote:
On Thu, Jun 01, 2006 at 01:32:14AM -0400, Seth Breidbart wrote
"Walter Dnes" <waltdnes(_at_)waltdnes(_dot_)org> wrote:
Real-life question...
1) How does any ISP (beyond a really small geek outfit) verify
that I
am authorized to use *(_at_)waltdnes(_dot_)org ?
Ask postmaster(_at_)waltdnes(_dot_)org
Being "master of my domain", I can personally answer that
question on
my own behalf. Would Google or Yahoo be able to verify to example.com
that Joe Blow is authorized to send out email as joeblow(_at_)yahoo(_dot_)com or
joeblow(_at_)gmail(_dot_)com when sending email from example.com? Manual
confirmation doesn't scale. Automating it opens up the potential for
address harvesting.
What do you mean "Manual confirmation doesn't scale"? Unless you are
one of those people that like to collect domains and enjoys mixing
the sender domains and the From domains, the number of addresses that
an individual would need to confirm would be quite limited.
I said earlier that the ISP could quarantine outgoing mail until the
confirmation succeeded. Even better would be to reject the mail in
the smtp transaction from the user to the ISP with a comment that a
confirmation email has been sent to the From address. This has the
same effect as a quarantine but provides immediate feedback to the
user, allows the user to then resubmit the mail with a different From
address and the ISP doesn't have to worry about quarantine queues.
-- Dan Oetting
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg