On Oct 8, 2007, at 4:37 AM, Frank Ellermann wrote:
SM wrote:
TMDA may cause backscatter.
After an SPF PASS, the "backscatter" by definition can't hit an
innocent bystander. By the same definition any "backscatter" after
an SPF FAIL hits an innocent bystander, and therefore is net abuse.
There is a real risk SPF might be used as basis for acceptance,
rather than just for qualifying DSNs. As a basis for acceptance,
this can cause email to fail. The macro expansion of SPF records
permits the _same_ DNS record within a spam campaign to generate a
large number of subsequent and different DNS transactions to be sent
by recipients to "innocent bystanders". Much of the danger of auto
responses has to do with DDoS concerns. Unfortunately, SPF
represents a far graver concern than that caused by auto-responses.
A safer approach would be to format all DSNs per RFC3464 and remove
original message content. This reduces incentives for abusing the
automated responses. Mailman made a mistake where an error caused a
DSN that returned original content without first verifying the
validity of the return path. Had TMDA been a requisite for initial
acceptance, just those white-listed would have been prone to this error.
-Doug
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf