On Jun 29, 2009, at 11:46 PM, Danny Angus wrote:
I'm not sure what this is about..
The draft should drop its current definition of Sender. Spam does
not just originate from purported RFC 5321 Senders, nor is it safe
to assume that an MTA authorization referenced by an RFC 5321
Sender asserts where a message was initially created and entered.
Authorization does not provide this
property.
Please carefully review the Sender definition. The RFC 5321 Sender
does not indicate or assert where a message originated, or who created
message content, be they automated system, group, or individual. This
mistaken concept has often been (ab)used by those promoting path
registration as a means to authenticate originating domains. Those
who advocated path registration as a means to filter email soon found
bad actors defeated these filters. Those who expect path
registration provides a means to authenticate originating domains will
also find bad actors will also demonstrate this concept is also
flawed. Few Outbound MTAs ensure exclusive use of a domain. It is
also anyone's guess as to whether path registration is in regard to
the MAIL command, or the PRA.
Stronger statements along the lines of scaling might be helpful.
It seems increasing potential DNS transactions by an order of
magnitude or more has not been given adequate consideration in some
anti-spam efforts. :^(
I think the statements about scaling are clear, do you not?
These statements are not strong enough. Email is being heavily
abused. Every incremental overhead must be carefully reviewed as to
its potential impact.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg