spf-discuss

Re: Digest 1.210 for spf-discuss

2004-03-08 09:23:13
On Mon, Mar 08, 2004 at 08:17:41AM -0700, administrator(_at_)yellowhead(_dot_)com wrote:

Actually, what I object to most is any system that encourages the receiver
to bounce the message instead of rejecting it immediately. That is the only
way to cut down on all the useless traffic that is currently being
generated. Because CallerID encourages background bouncing of email to the
spoofed return address, I still say that it is inherently flawed; but that
is my opinion only.

I was triggered by your "after DATA" remark, which implied you were
against _rejecting_.  You made clear you are talking about bouncing,
so after accepting the message.  Now we can discuss :)

Lucky for MS the flaws in their protocol are already patched by SPF:
1a: check the envelope   (SPF)
1b: reject if applicable           (after rcpt_to)
2a: check the letterhead (CID)
2b: reject if applicable           (after data before quit)
3a: accept message             (send: 220 message accepted for delivery)
3b: scan for viruses and other time consuming tasks
3c: deliver, discard or bounce

In here, you can decide to bounce only to SPF-passed domains, else
discard.  This means bounces are only sent to absolutely positively
correct addresses.  I do NOT want to receive all of those "you have
a virus" messages but I sure as hell would appreciate the single one
that may be legitimate.  If _I_ sent a message containing a virus (not
likely but never impossible) I don't think the resulting warning is junk.
But that is my opinion, of course.

cheers,
Alex
-- 
begin  sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags
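
The decision flow in steps 1a to 3c above, as an added example that is not part of the original post. It assumes "reject if applicable" means a result of "fail"; the field names, stage labels and sample messages are constructed for illustration.

```python
from typing import NamedTuple

class Msg(NamedTuple):
    mail_from: str   # envelope sender, the address a bounce would go to
    spf: str         # SPF result for the envelope: "pass", "fail", "none", ...
    cid: str         # Caller-ID result for the header (letterhead) sender
    infected: bool   # outcome of the slow scan that runs after acceptance

def disposition(m):
    """Return (stage, action) for one message, following steps 1a-3c."""
    # 1a/1b: envelope check, rejected inside the SMTP session after RCPT TO
    if m.spf == "fail":
        return ("rcpt_to", "reject")
    # 2a/2b: header check, rejected after DATA and before QUIT
    if m.cid == "fail":
        return ("data", "reject")
    # 3a/3b: message has been accepted; time-consuming checks happen now
    if not m.infected:
        return ("post_accept", "deliver")
    # 3c: bounce only when SPF confirmed the envelope sender, else discard
    if m.spf == "pass":
        return ("post_accept", "bounce")
    return ("post_accept", "discard")

def bounce_recipients(msgs):
    """Addresses that actually receive a bounce under this policy."""
    return [m.mail_from for m in msgs
            if disposition(m) == ("post_accept", "bounce")]

# Constructed sample traffic (not taken from the thread)
SAMPLES = [
    Msg("forged@example.com", "fail", "none", True),   # spoofed envelope
    Msg("list@example.net",   "pass", "fail", False),  # spoofed header
    Msg("unknown@example.edu", "none", "none", True),  # virus, sender unverified
    Msg("user@example.org",   "pass", "pass", True),   # virus, sender verified
    Msg("friend@example.org", "pass", "pass", False),  # ordinary mail
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.mail_from, *disposition(m))
    print("bounces sent to:", bounce_recipients(SAMPLES))
```

Of the three infected samples only the SPF-passed sender gets a warning; the unverified one is dropped silently, so no bounce reaches a spoofed return address.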

