On 9/1/06, Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> wrote:
Michael Kaplan wrote:
> I will illustrate by example. You receive an email from a
> stranger. As is often the case the email is not authenticated
> by DKIM or Sender ID, it isn't S/MIME signed, and it isn't
> using a sub-address. Your filter rates this email as having
> an intermediate risk for being spam. Under my system this
> email would be bounced back to the sender
That's technically impossible, unless you forgot to mention
that it had an SPF PASS. Otherwise you participate with over
95% probability in DDoS or other net abuse, sending mails to
innocent bystanders.
Your argument is not unique to my proposal but it is directed against all
bounces, vacation messages, etc. It is certainly not technically
impossible, but I assume you mean undesirable. Existing methods such as
BATV can easily protect mail systems from this problem. The Auto-Reply
update to MUAs will block erroneous bounces for almost the entire global
email population.
It is highly unlikely that email with an SPF PASS would get bounced.
The receipt of erroneous bounces would annoy some (mostly victims of Joe
jobs) but, ironically, it would accelerate the adoption of BATV and the
Auto-Reply update for MUAs.
I suggest that when debating an anti-spam proposal we should answer
questions in a certain order:
1st - If implemented will it actually stop spam?
2nd - Is it practical to implement?
3rd - Is it unacceptably burdensome to the sender/recipient?
4th - Is it unacceptably burdensome to third parties?
Thank you for your input,
Michael
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg