On Wed, 2004-12-01 at 13:41, Tony Finch wrote:
On Wed, 1 Dec 2004, John Leslie wrote:
CSV exists to document authentication and authorization so as to make
domain-based whitelists useful (and a few other side-effects). Marking
domains as "not-authorized" is a rather minor optimization, concerning
a field which will almost never be visible to the end-user.
I think you're missing a massive marketing opportunity by taking this
stance. If a site advertises CSV and checks it, it will immediately reduce
its spam load by about 10% because of the prevalence of HELO forgery.
Extending CSV to allow domains to impose a blanket ban on the use of
their subdomains in HELO would be an easy win. On the other hand,
Leslie-CSV isn't enough of a benefit over my existing HELO heuristics to
be worth making an effort to implement it before it finds its way into
SpamAssassin.
I understand the motivation for wanting a means to publish mail policy.
There are many bits within CSV for doing many things including the
support of policy assertions for this level, the level above the label,
and all lower domain levels. Do we need to indicate the lack of a
label? (At root of policy bit?) Both CLEAR and MASS have the same
problem regarding a statement about mail policy. Finding this policy is
ugly and should only be done once for any mail related query. Perhaps
the Port field could be dedicated for making domain related policy
assertions to keep this field independent of comparisons made on Weight
regarding CSV operations.
-Doug