It is certainly true that if the submit server is not operated by a
responsible entity, then
we have a problem. The right fix for that problem is probably something
similar to what
John has said AOL did in a similar situation: start greylisting mail from that
provider so
that the high rate of spam chokes their queues, and they will start to be more
proactive in
addressing problems.
Ah, OK. As I said, AOL used the IP addresess of the naughty users,
logged in the received headers in the incoming mail, to decide what to
reject. (It wasn't greylisting since they rejected it every time the
ISP retried.) Without those IPs they couldn't have done it, since
they certainly weren't going to reject legitimate mail from the other
users.
I'm glad to see that we now agree that logging the submission IP
addresses provides important security benefits.
R's,
John
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp