--David Brodbeck <gull(_at_)gull(_dot_)us> wrote:
I just disagree.
I understand your dislike the cost-shifting, but consider the other
perspective. You're asking me to accept several hundred kilobytes of spam
a day so that you can avoid a few K per day (at most) of traffic from CBV.
That seems pretty selfish.
I made a point about cost-shifting before, but it was sort of the opposite
direction. I don't want to *require* all recipients to use CBV just to get
the info on what is good or bad. That would be cost-shifting from the
sender to the receiver (or, more accurately, shifting costs that the
spammer already shifted to the sender one step further)
I think those sites that choose to use CBV should go ahead and do so... the
fact that it might be used to attack someone else is something you'll just
have to deal with if/when the time comes.
Secondly, if I don't do CBV, it's very likely you'll get a bounce message
*anyway*, which will generate exactly the same sort of traffic. Because
of the peculiarities of the email system I maintain, it's unable to reject
invalid recipients at SMTP time. CBV means I generate a lot fewer bounce
messages.
Wow, is that really the main driving force behind using CBV? That's
screwed up, man :)
Seriously, accept-then-bounce is quickly falling out of favor and can
already get you blocked some places. At least you know what you have to
fix next... make it so all your MX servers know the valid *destination*
addresses so that they won't accept mail that can never be delivered. All
MX servers (including secondaries) should know the complete list of valid
addresses and should reject (not bounce) anything else. Use CBV within
your OWN organization if you have to :)
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>