ietf-mxcomp

Re: Forging (was Re: Differences between CSV and Sender-ID )

2004-07-07 20:22:12


----- Original Message ----- 
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
To: "Eric A. Hall" <ehall(_at_)ehsco(_dot_)com>
Cc: <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Wednesday, July 07, 2004 8:25 PM
Subject: Re: Forging (was Re: Differences between CSV and Sender-ID )



Eric,

EAH> but on the other hand the spammers aren't that smart in the short-term,

spammers have proved to be smart, adaptable and quick.

The only evidence of adaption has been at 2822 and the hackers (the smarter
ones of the abuse crowd) finally realizing they can exploit some aspects of
2821 - SORBIG!

The industry really started screaming when SORBIG started to exploit
everything about SMTP using a dual distribution concept.

That is when I finally got involved - no more or less a reason.  The payload
is the responsibility of the sysop or any post smtp operation.  Although
there was adaptation by spammers, sysops had somewhat of a handle of this
with the post smtp mail filters tools.  But when it wasn't spam but viruses
and bounces were being forced - POOF!  - Major problem.

If you close 2821 -  minimize payload acceptance,  you drastically reduce
the effectiveness of any spammer adaptation at 2822.  It's a non-issue
basically.

MARID must give more power to 2821.

This is why I have kept repeating,  any MARID logic that requires PAYLOAD to
be used will suffer the consequences, not only in the 2822 adaptation but in
increasing payload bandwidth as well.

I should also note this is a network wide consideration, not just a local,
isolated experience.  All my customers are benefiting from the more SMTP
enforcement concepts and DNS reductions efficiency ideas used for our SMTP
server.

-- 
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



