"terry" == <terry(_at_)ashtonwoodshomes(_dot_)com> writes:
terry> If the sending MTA is a virus with its own SMTP engine,
terry> then the 5xx or 4xx DOES prevent backscatter, because the
terry> virus does nothing with the error.
That's true, but that's equally true of SPF, Sender ID, or any other
cause of 5xx errors (and IME one of the biggest causes is "550 User
Unknown" responses from old addresses)
When there _is_ an upstream MTA, 5xx errors will cause backscatter;
when there isn't they won't. SPF is no different from anything else
in that respect.
The only way that SPF can solve the backscatter problem is if _every_
MTA implements SPF checks, so that there's _never_ an upstream MTA to
generate a bounce to a forged MAIL FROM. IMHO you need a pretty high
SPF adoption before you will start to see any significant gains in
backscatter reduction, and this will just take too long.
This seems like a red herring to me.
Backscatter is a big problem now, and it's going to get worse. I work
for a company that's been on the Internet since 1992 (and had e-mail
access since at least 1988). What we see is that the _vast_ majority
of delivery attempts are to non-existent users. Sure, a lot of them
are just speculative, but we see a *lot* of delivery attempts to
e-mail addresses that have long since been disabled, many of which
haven't been valid addresses for the best part of a decade.
The backscatter problem needs to be solved quickly. There are
promising solutions, and there are many people working on the problem.
Sure, none of them are completely without pain, but I'm confident that
the backscatter problem will be a non-issue long before we reach the
level of SPF adoption that would be necessary to make a serious dent
in it.
Let's move on...
-roy