ietf-smtp

Re: NDNs considered harmful

2010-08-12 16:38:08

On Thu, Aug 12, 2010 at 12:58:51PM -0400, Hector Santos wrote:
> In our implementation, we use CBV (Callback Verification) and this

This should never be used; it enables spammers to bypass security
measures, it facilitates DoS/DDoS attacks, and it's easily gamed.
We've known this for most of a decade; figured it out when we watched
Verizon deploy it and promptly get used to target third parties.
See the archives of spam-l for copious discussion and analysis.

Best practice is to make an accept/reject/defer decision during the
SMTP connection, thus (almost) entirely avoiding the need to send NDNs.
(The "almost" allows for the edge cases, which can be limited in number
and duration by engineering mail system architecture to ensure that
outward-facing systems are always in possession of the information
necessary to make decisions on behalf of internal systems.)

---Rsk
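
The accept/reject/defer decision made during the SMTP connection, as described in the message above, sketched as an added example (not part of the original message or of any poster's implementation). The domain, the addresses, the snapshot layout and `MAX_SNAPSHOT_AGE` are assumptions constructed for illustration; the reply codes are standard SMTP replies.

```python
import re
import time

# Constructed sample data: recipient list replicated from the internal
# mail systems to the outward-facing MTA, with the time of the last sync.
LOCAL_DOMAINS = {"example.org"}
SNAPSHOT = {"addresses": {"alice@example.org", "bob@example.org"},
            "synced_at": time.time()}
MAX_SNAPSHOT_AGE = 3600  # seconds; assumed policy value

RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>\s]+@[^<>\s]+)>", re.IGNORECASE)

def rcpt_decision(line, snapshot=SNAPSHOT, now=None):
    """Return the SMTP reply for one RCPT TO command, decided in-session."""
    now = time.time() if now is None else now
    m = RCPT_RE.match(line.strip())
    if not m:
        return "501 5.5.4 Syntax error in RCPT TO"
    addr = m.group(1).lower()
    if addr.rsplit("@", 1)[1] not in LOCAL_DOMAINS:
        return "550 5.7.1 Relaying denied"
    if now - snapshot["synced_at"] > MAX_SNAPSHOT_AGE:
        # Edge case: the edge cannot decide authoritatively, so it defers
        # and the sending MTA retries; nothing is accepted and bounced later.
        return "451 4.3.0 Recipient verification temporarily unavailable"
    if addr not in snapshot["addresses"]:
        return "550 5.1.1 User unknown"  # reject now, so no NDN is generated
    return "250 2.1.5 OK"

def run_session(lines, snapshot=SNAPSHOT, now=None):
    """Reply to each command of a session; DATA needs an accepted recipient."""
    accepted, replies = [], []
    for line in lines:
        verb = line.strip().upper()
        if verb.startswith("RCPT"):
            reply = rcpt_decision(line, snapshot, now)
            if reply.startswith("250"):
                accepted.append(line)
        elif verb.startswith("MAIL FROM:"):
            reply = "250 2.1.0 OK"
        elif verb == "DATA":
            reply = ("354 Start mail input" if accepted
                     else "554 5.5.1 No valid recipients")
        else:
            reply = "502 5.5.1 Command not implemented"
        replies.append(reply)
    return replies
```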