----- Original Message -----
From: "David MacQuigg" <dmq(_at_)gain(_dot_)com>
To: "Glenn Anderson" <glenn(_at_)qualcomm(_dot_)co(_dot_)nz>;
Sent: Friday, March 11, 2005 8:10 AM
Subject: Re: Can reputable domains stop outgoing spam?
I'm interested in what impairment AOL has suffered as a result of their
policy to eliminate *outgoing* spam from *AOL systems*. See
for a discussion of their policy and claims "Spam is a completely solvable
problem." and "We do not send it anymore."
Hate to beat on the proverbial "dead horse" but AOL, like small vendors
like us, have seen the major benefits gained by tightening up the screws a
bit. The problem is so large, it is clear the benefits outweigh the
initial pains anyone might feel. Pains where a medicine fix exist.
With that said, in our support experience, the "impairment" is that it
puts pressure on ISPs to:
a) Clean up/properly setup the site (yes, SMTP compliant)
b) Add their own enforcements,
c) Get something that whitelist/authorized AOL machines, and
d) Get their own sites whitelisted with AOL.
We had two AOL related ISP incidents to work out in the past 2 days. The
first was solved with C and the second one would probably be solved with D.
That incident is still open. (See below)
With the second incident, the ISP customer reported AOL blocked them, but
more importantly AOL hide/strip the recipient information in the DSN/Bounce
making it difficult for them to analyze the report. I am still looking at
this one but told the customer to check out AOL's WhiteList policy stuff.
In regards to SPF, until the transition domain change concept is
implemented across the board to handle the forwarding problem, such as by
using SUBMITTER, the user's themselves might be impaired by enforce them
to not use aliases even in authorized environments. The SUBMITTER and PRA
exemplifies this potential user privacy problem.
In case others are not aware of submitter, since it is SMTP related, I
will briefly describe it. This is an ESMTP MAIL FROM modifier which
addressed the SPF forwarding problem. When the responsible domain changes
in relationship to the sender machine IP address, the SUBMITTER can be
used to satisfy SPF lookups.
If SPF sites do not have "forwarding mail" solution on both ends
(sending/receiving), the MUA user will be restricted in alias name usage.
What is surprising to me is that there is a large ISP (bellsouth.net) who
thinks that might not be a bad idea in my discussions their recently
installed SPF policy-only ready site and how bellsouth.net users will not be
able to use aliases if the email is destined to a SPF ready site.
SUBMITTER can solve this, but the SPF-ready MDA must support it too.