Inspecting the body of the bounce is not sufficient, because there are
bounce-like messages such as vacation notices which do not include any of
the original message, but which you still want to receive. It is also
cheaper to detect backscatter at envelope time,
Having been using a prototype of BATV for a while, I can confirm that you
cannot count on finding anything consistent or mechanically testable in
the bodies of mail sent to bounce addresses. Also, BATV is designed to be
extremely lightweight in its simplest form. My prototype is only a dozen
or so lines of code in my SMTP client and about 100 in the SMTP daemon.
To date it works very well.
and it has the side-benefit of working well with callback verification.
Considering how pernicious callback verification is, I see that as a minor
drawback. Those of us whose addresses are forged on millions of spams a
day realize that callbacks are just another kind of DDOS.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.