[Top] [All Lists]

Re: SMTP Transferred-By-Reference

2007-11-13 10:03:29

Alex van den Bogaerdt <alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net> wrote:
On Tue, Nov 13, 2007 at 09:53:24AM +0000, Tony Finch wrote:

However, I believe that in doubtful cases it's better to apply AI to the
complete message data than to attempt to analyse some abbreviated
notification. In most cases MTAs have enough capacity to do this: at the
moment (according to my stats) doubtful cases are about 30% of the email
that gets past blacklists.

The big difference seems to be what happens after you decide a
message to be spam.

Present day: you delete it without notification or you send it "back",
generating backscatter.

With TBR: you send a notification to the sender's domain. That server
should NOT forward the bounce to an innocent victim. Instead, the domain
could even count such bounces and be on guard about this customer.

Am I seeing this wrong?

   You're essentially correct, but the -00 spec does allow for the case
where you decide -- before fetching any part of the message -- that the
originator is not worth trusting, so you simply discard the URI silently.
Doug expects this to be frequent, if spammers actually use TBR. YMMV.

   This is a good opportunity to point out this _is_ a -00 spec. My
standards for a -00 spec may be higher than some (as Dave Crocker will
attest), but I'm sure it has some down-and-out errors, as well as areas
which could be improved by a WG-like process. Doug and I are certainly
open to that.

John Leslie <john(_at_)jlc(_dot_)net>

<Prev in Thread] Current Thread [Next in Thread>