ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: Receiver Initiated Authentication

2007-09-17 09:27:08
On 9/17/07, Peter Bowyer <peter(_at_)bowyer(_dot_)org> wrote:

On 17/09/2007, Michael Kaplan <michaelkaplanasrg(_at_)gmail(_dot_)com> wrote:


On 9/17/07, Frank Ellermann <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de> 
wrote:
Michael Kaplan wrote:

The core of this concept is that questionable unauthenticated email
will be bounced

I hope you mean "rejected", unsolicited bounces are evil.

Yes, in section 9  I summarize the Ironport data on the bounce problem,
and
it is a real problem.
Sometimes legitimate email is unauthenticated; adopting a policy of
absolutely never sending a bounce in response to an unauthenticated
email
will degrade the integrity of email.  Banning all such bounces solves
one
problem and creates another.

Your use of 'Yes' in your answer to Frank was clearly in the sense of
'No'. Unsolicited bounces are evil, and you're still proposing to send
them. This is bad. Why are you not talking about SMTP-time rejections,
which are not evil and don't suffer the same issues?


Peter


I am concerned about forwarded email.  Once the Receiver Generated SPF
database is established then most of the unauthenticated ham will come via
forwarders who already accepted the original email.  I'm open to any
suggestions on how to work around this, otherwise I still argue that highly
selective bounces are only mildly evil.

If we quantify evilness then:  Massive quantities of spam >> small number of
misdirected/easily filtered by BATV bounces.

I'm arguing for the lesser of two evils, and I argue that my evil is much
much smaller than the evil of existing spam.

Michael
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg