On Sun, May 02, 2004 at 01:46:35PM -0700, Matthew Elvey wrote:
|
| CSV (crocker-marid-smtp-validate): ties things as follows:
| Can a spammer set up a domain and rDNS with records under the spec and
| spoof From: yes, for all the extant I-Ds, including this one, and C-ID,
| BUT not for long - the domain will get blacklisted PDQ.
| Is a spammer forced to use a domain set up with records that specify its
| authorized MTAs: yeah.
Thank you for the review of CSV.
I have a question. Can you walk us through the scenario where a
spammer, in response to CSV, uses a HELO domainname "goodguy.com"
where:
- goodguy.com has an A record, so it passes basic validity tests;
- the A record does not match the spammer client IP;
- goodguy.com is a legitimate nonspammer domain;
- goodguy.com does not have a CSV record (maybe goodguy.com is too busy to set
up CSV right now)
what does a receiver do?
I should point out that goodguy.com's MTAs also use HELO goodguy.com,
and their IP addresses do not match the A record for goodguy.com
either.