spf-discuss

Re: AOL to ESPs: Comply with SPF, Or Else

2004-06-12 08:52:07
Jonathan Gardner wrote:

> I know it isn't exactly the best idea, but how else are we
> supposed to post a formal notice to everyone who owns a
> domain and sends and receives email?

One thing which wouldn't be spam is to report erroneous
bounces, especially if you got more than one with forged
addresses of your domain.

The usual pattern is a part of a dictionary attack.  You
could then inform postmaster@ that -1: his system is under
attack, -2: you didn't attack it,  -3: how SPF would help
to reject (parts of) this attack.  You could even add some
instructions for <http://spf.pobox.com/why.html> with the
MAIL FROM and the IP in question to demonstrate this effect.

> Sure, it may be unsolicited

If it's an analysis of an erroneous bounce, then it's IMHO
not "unsolicited", and if the dictionary attack is still at
A..D it might even help.  I'm not sure how fast the spammers
rotate the sending IPs, if it's less often than the forged
addresses, the postmaster@ could "teergrube" (tarpit) the
IP in question or simply block it for some time.

> It is hardly spam in the UCE sense.

Sending bulk mail to arbitrary postmasters is spam.  With a
good reason it's another story.
                               Bye, Frank
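
The bounce analysis described in the message above, as an added example that is not part of the original post or of any SPF project code: it checks each (sending IP, forged MAIL FROM) pair against the domain's SPF record and flags IPs that stay constant while the forged addresses change. The bounce data, the `example.org` record and all function names are constructed, and only the `ip4`/`ip6`/`all` mechanisms are evaluated.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (sending IP, forged MAIL FROM) pairs extracted from erroneous bounces.
BOUNCES = [
    ("192.0.2.10", "aaron@example.org"),
    ("192.0.2.10", "abby@example.org"),
    ("192.0.2.10", "adam@example.org"),
    ("198.51.100.7", "bob@example.org"),
    ("203.0.113.5", "news@example.org"),
]
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 -all"  # constructed record for example.org

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate ip4/ip6/all only; DNS-based mechanisms are skipped (simplification)."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qual]
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched

def analyse(bounces, record, min_forged=2):
    """Per sending IP: SPF result, count of distinct forged senders, tarpit hint."""
    by_ip = defaultdict(set)
    for ip, mail_from in bounces:
        by_ip[ip].add(mail_from.lower())
    report = {}
    for ip, senders in by_ip.items():
        result = spf_result(record, ip)
        report[ip] = {"spf": result, "forged": len(senders),
                      "tarpit_candidate": result == "fail" and len(senders) >= min_forged}
    return report

if __name__ == "__main__":
    for ip, row in analyse(BOUNCES, SPF_RECORD).items():
        print(ip, row)
```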