[Top] [All Lists]

Re: private key BATV is useful

2008-05-19 07:42:37

For BATV to be useful, a domain would have to be able to say that all messages from that domain must have BATV tags. I can't see anything in the spec to cover that requirement. Otherwise a spammer will just send messages without BATV tags, and BATV will achieve nothing other than upsetting some legitimate mailing lists...

The main goal of BATV is to deal with bounce blowback, that is, DSNs due to spam sent with forged return addresses. If your domain is popular among spammers, blowback can be a serious issue. On a bad day, my domain gets 400,000 bounces for mail it didn't send.

The only thing prvs accomplishes is to let you tell whether an incoming bounce was sent in response to a message you actually sent. If you know that you sign all your own mail, you can be reasonably sure that bounces to signed addresses are real, and bounces to unsigned addresses are fake, give or take the edge cases we've been discussing.

John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.