ietf
[Top] [All Lists]

Re: Why spam is a problem.

2002-08-14 23:03:51
At 8:32 AM +0300 15/8/02, Pekka Savola wrote:
On Wed, 14 Aug 2002, Keith Moore wrote:
> There must be a secure method that would allow a receiver to verify whether
 > or not the sender actually exists as a user on the mail server for the
 > domain the e-mail is coming from.

 this is already possible.  it is not sufficient.

It's possible but it's useless as one can't depend on it: too many MTA's
are configured to refuse EXPN/VRFY requests if they were implemented in
the first place.

It'd still be next to useless if everyone did implement it and allow its use - it's not sufficient because checking if the email address is correct won't help you if the header is forged.

(A quick check on spam I've received today indicates around 70% has a forged envelope address - and of those around 15% have *my* address as the source.)

Also, in many cases there are security issues (real and imagined) with having an external mail relay machine (as part of a firewall system) know what addresses are and are not valid.



<Prev in Thread] Current Thread [Next in Thread>