In <9156B81DAA29204989AD43E88688FAABF7EDD3(_at_)df-lassie(_dot_)dogfood> "Harry
Katz" <hkatz(_at_)exchange(_dot_)microsoft(_dot_)com> writes:
This is of course a laudable goal. But are we really going to save
much bandwidth? It seems to me that if we reject messages on the
basis of the MAIL FROM then spammers will simply register throwaway
domain names, publish the appropriate DNS records and pass the
validation.
Yes, I expect spammers to start using throw-away domains more
frequently if the RFC2821 from passes validation. However, that's
where graylists and RHSBLs come in and ruin the spammers day.
Moreover, throw-away domains leave a lot more trails to track,
especially with ICANN cracking down on bogus info in the registry.
Hmmm... I guess this is getting way out of scope for this working
group. Maybe I should just sum it up with this: The problems of
spammers using reacting to validated RFC2821 data has been thought
about quite a bit, and I don't think it something they can escape
from. However, even if they could, validating the RFC2821 data means
that spammers won't be spoofing *my* domain.
If you want to discuss this issue further, the
SPF-discuss(_at_)v2(_dot_)listbox(_dot_)com mailing list would be more
appropriate. I
think the ASRG mailing list might also be appropriate, but since I am
not following it closely right now, I can't say for sure.
-wayne