On Wed, Aug 04, 2004 at 10:37:11AM -0700, Hadmut Danisch wrote:
|
| So I will still receive thousands of bounce messages because spammers
| are abusing my address for sending messages?
|
| Until now they used
| MAIL FROM: <hadmut(_at_)danisch(_dot_)de>
| from now on they will use
| MAIL FROM: <hadmut(_at_)danisch(_dot_)de>
SUBMITTER=spammer(_at_)farfar(_dot_)away
|
| and I'll still receive all that bounce rubbish?
|
IF the strategy for SUBMITTER is "assume innocent until
proven guilty", then the answer (crossing your fingers) is
that RHSBLs will list spammer(_at_)farfar(_dot_)away quickly.
I would prefer the following:
IF the strategy for SUBMITTER is to limit its use to
forwarding scenarios ONLY --- and I am going farther than
Harry Katz's presentation --- then a receiver can in theory
define a whitelist of recognized aliases for a given RCPT.
Any SUBMITTER address that is not in that list can be
rejected.
This strategy means that mobile scenarios, etc etc can NOT
do
MAIL FROM:<joe(_at_)legal(_dot_)example(_dot_)com>
SUBMITTER=<joe(_at_)blackberry(_dot_)net>
they MUST do
MAIL FROM:<joe(_at_)blackberry(_dot_)net>
The joe(_at_)blackberry(_dot_)net is a sender-side alias for
joe(_at_)legal(_dot_)example(_dot_)com(_dot_) I would prohibit sender-side
aliasing for SUBMITTER.
I would prefer to only allow receiver-side aliasing for
SUBMITTER:
MAIL FROM:<joe(_at_)legal(_dot_)example(_dot_)com>
SUBMITTER=<mengwong(_at_)pobox(_dot_)com>
RCPT TO:<mengwong(_at_)dumbo(_dot_)pobox(_dot_)com>
I would like to see a world where SUBMITTER if present is
ALWAYS a forwarding alias recognized by the RCPT.