John,
I think checking the HELO *alone* is not an adequate solution to the
problem set. I don't think CSV alone is enough to be effective
against spam coming from big ISPs, where good and bad mail may flow
from the same MTA.
JL> With any MTA of any size, you're going to get a mix of good and bad
JL> mail.
JL> A fairly fundamental question is whether we consider that to be a fact
JL> of life that MTA operators can't control, or we consider MTA operators
JL> to be responsible for the mail that they send, and evalute them in
JL> view of their entire mail stream.
To re-use some text from a parallel posting of mine:
DC> CSV vets an entire MTA session. It accredits the MTA based on the
DC> operator of that MTA.
DC>
DC> Current whitelist and blacklist services focus on the MTA network, ie,
DC> the operator of the MTA. So CSV provides a standardizing mechanism
DC> for existing practise.
DC>
DC> The limitations of that practise are demonstrated every day, but so
DC> are the benefits.
In other words, whatever its limitations, it is already viewed as
having field-tested utility.
JL> I realize that opinions differ, but I would like to see a scheme like
JL> CSV that uses an IP address to identify an MTA,
It recently occurred to me that we should add support for direct IP
Address accredition, if only as a transitional mechanism to facilitate
adoption by those already using IP Addresses based accreditation.
I've already started discussion with my co-authors.
I believe domain-name based accreditation has better economies of
scale and better stability, but it's clear where the current installed
base for this model is...
d/
--
Dave Crocker <mailto:dcrocker(_at_)brandenburg(_dot_)com>
Brandenburg InternetWorking <http://www.brandenburg.com>
Sunnyvale, CA USA <tel:+1.408.246.8253>, <fax:+1.866.358.5301>