On 08/Feb/10 17:42, Seth wrote:
John Levine<johnl(_at_)taugh(_dot_)com> wrote:
If a spammer wants to confirm receipt, which very few of them do, he
uses web bugs. I suppose info about the MUA might be marginally
useful, but if I were a spammer and knew that a recipient was
sufficiently annoyed to press the spam button, I'd take them off the
list. I still have millions of other people to mail to, after all.
But I'd also sell his email address as a "known to exist, known to
look at spam" one :-(
That's the risk we run when _mis_directing ARs. It can be minimized by
choosing a header that MTAs are aware of and actively zap unless
trusted, just like the A-R field of rfc 5451. Possible alternatives
may be to
1. use 5451's authserv-id,
2. create an A-R's extension, or
3. create a brand new header field.
(I'd never go for #3, to avoid duplicating specs. #1 seems good to me,
as I'm not aware of conflicts with existing deployments.)
Sooner or later we'll have to discuss how MTAs would route ARs in
order to avoid bad recipients, and this question will be even more
relevant at that point.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg