spf-discuss
[Top] [All Lists]

Re: Latest proposal re HELO checking: make HELO tests optional

2004-03-09 19:21:13
In 
<1078869447(_dot_)17344(_dot_)14(_dot_)camel(_at_)imladris(_dot_)demon(_dot_)co(_dot_)uk>
 David Woodhouse <dwmw2(_at_)infradead(_dot_)org> writes:

On Tue, 2004-03-09 at 12:27 -0600, wayne wrote:
Well, it all depends on your priorities.

If you think that a lost bounce is more important than abusing
innocient third parties, and your ISP lets you get away with abusing
innocient third parties, then go ahead and put your customers
interests ahead of everyone else.

I believe, along with many others, that the lost bounce _is_ far more
important than the potential for bounces to innocent third parties. 

It is more than just "the potential".  Spam is far more likely to
trigger a bounce than legitimate email.



Especially since third parties who really care about such things can
easily use VERP or SRS on their own outgoing mail, and then reject
bounces to their 'raw' addresses as I do.

Using SRS on all your outgoing email is a way of protecting yourself
from people who think it is ok to send bogus bounce to innocent third
parties.

The strange thing is, you made strong objections to the SRS1
short-cutting because of the far smaller potential for abusive
bounces, but apparently, you are perfectly happy to bounce stuff
directly.  I don't get it.  I think both are bad.


  I do think that all too many mail admins have decided that it is better
 to silently drop email rather than generate a bounce.

If even one person thinks that, then it's too many. Just like those who
elect to reject all MAIL FROM:<>, these people really need to be
prevented from ever holding a position of responsibility again.

Hotmail, MSN, Yahoo, AOL, etc. are all know to silently drop large
quantities of email.  This is *bad*, but this is the state of email
today.  SPF, and other designated mailer systems, may be able to
change this back.


-wayne


<Prev in Thread] Current Thread [Next in Thread>