ietf-mxcomp
[Top] [All Lists]

Re: Is the back door open?

2004-07-29 18:25:13


On Jul 29, 2004, at 3:52 PM, Douglas Otis wrote:
If the bouncer has published their SPF record, then the bounce may
receive a Pass(+) rating. : (

This is getting repetitive.  Why is it bouncing and not rejecting?

No. Bounce traffic is from a third-party beyond the control of the MTA
receiving the bounce.  This is not between related parties.

And this is NOT the ralph, fred, bob scenario you started with. So now we are back to receiving a bounce out of the wild, blue yonder?

No. The Sender-ID rating system directs mail into different folders
(rat-holes), and leaves to the end-user the task of sorting and
deleting.

It does? I'll admit that I'm juggling multiple working groups and umpteen various drafts between them, so I could have missed it. But where is that written?

  The goal should be to have the message either rejected
outright or placed into the inbox.  If there is a problem, it can be
discovered and resolved, at the expense of the sender.

So where does Step 6 fail on this?

The Sender-ID approach seriously degrades reliability of mail in a
systemic fashion, and puts a much greater burden onto the recipient.

This is an unproven statement.  Repeating it doesn't make it come true.

  It
does not really stop phishing, bounces, or spoofing.

What new data do you have on this that can be added to past discussions of what some MUA's do and do not display to the users?

  It does not
identify the domain responsible for the introduction of the abuse.

No, it identifies the domain which will undergo a forgery check, just like CSV and SPF. In the abusive case, all 3 do not identify the domain responsible for the introduction of the abuse. A spammer need not have purchased a domain to forge another.

  It
does not allow a means to control such introduction.

What about SUBMITTER?

  It does break
forwarding. It does break mail "exploders".

In some cases, yes.  So does SPF.  CSV doesn't.

 It does cause users to
change their mail address.

What?

  It does cause users to expose more of the
mail addresses.

What?

  It does put mail and DNS at risk.

This is another unproven statement.

-andy


<Prev in Thread] Current Thread [Next in Thread>