spf-discuss

RE: Forking SPF into The New SPF and SPF1

2004-06-09 19:11:22
On Wed, 9 Jun 2004, Seth Goodman wrote:

My theory is that the XML 2822 checks can happen outside the MTA.  WAIT!
Before anybody screams about bogus bounces to innocent domains,
suppose that layer 1 checks are a requirement for bouncing or dropping
a message that fails layer 2 checks after accepting the message.
Wouldn't layer 1 still prevent sending all the bogus bounces to innocent
domains?

Almost, but not completely.  You be the judge as to whether it is good enough
based on the following:

assume spammer.com is a real domain with an SPF record,

MAIL FROM:<victim(_at_)domain1> SUBMITTER:<outgoing(_at_)spammer(_dot_)com>
RCPT TO:<non-existent-user(_at_)domain2>

The above is no problem for someone like me - I specifically authorize 
all forwarders. 

However, it is a big problem for AOL and other big email domains - and that is
where most of the bogus bounces come from.

So the requirements are more subtle.  If you whitelist forwarders,
you can delay layer 2 checks.  Otherwise, they must occur before 
accepting the message.

Unfortunately, the shops which are least able to whitelist forwarders (AOL),
are also the ones who would most want to delay layer 2 checks.

Oh well.  Those kinds of bogus bounces are all caught by SES.  The ones giving
me trouble are the ones that are forwarded by my own secondary MXs because
there is no SPF for the domain.  As soon as I can start rejecting on
lack of SPF, I won't have any.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.