On Wed, 1 Dec 2004, John Leslie wrote:
CSV exists to document authentication and authorization so as to make
domain-based whitelists useful (and a few other side-effects). Marking
domains as "not-authorized" is a rather minor optimization, concerning
a field which will almost never be visible to the end-user.
I think you're missing a massive marketing opportunity by taking this
stance. If a site advertises CSV and checks it, it will immediately reduce
its spam load by about 10% because of the prevalence of HELO forgery.
Extending CSV to allow domains to impose a blanket ban on the use of
their subdomains in HELO would be an easy win. On the other hand,
Leslie-CSV isn't enough of a benefit over my existing HELO heuristics to
be worth making an effort to implement it before it finds its way into
SpamAssassin.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.