On Friday, August 27, 2004 at 8:42 AM, Michael R. Brumm argues: (again
by my summary / paraphrase)
That he receives lots of bounces containing spam where the spammer
intended him to read the bounce (as opposed to his receipt being
collateral damage).
If that's true (and it hasn't been my experience), then he should
install SES or some other unilateral scheme of getting rid of bogus
bounces. This will be 100% effective, instead of relying on the rest of
the internet to figure out which bounces are unwanted.
That he gets so many bogus bounces that he has erroneously overlooked
legitimate bounces.
Same answer as above.
That the bounce address is strongly relevant in determining mail
authenticity.
I continue to disagree. There are too many scenarios where the bounce
address is uncorrelated with the MTA that's delivering a message; this
means that any scheme that attempts to reject mail based on those two
inputs (bounce address and IP addr of sending MTA) will have too many
false rejections.
That the right taxonomy for authenticating mail is protect the MTAs,
protect the envelope, protect the content.
For all the reasons discussed here over the lifetime of the group, I
disagree.
-- Jim Lyon