spf-discuss

Re: Re[4]: Is there is proposed checks on bounces and delivery notification ?

2004-07-13 13:02:55

----- Original Message ----- 

[Ralf Doeblitz]


OK, the spammer requests an MDN.

Disposition-Notification-To: <christopher(_at_)xxxxx(_dot_)com>

This is not a valid header. DSNs always have to be sent to the envelope
sender according to RFC3464:



How about VERP?

I would like to collect not only bounces - but also delivery receipts
automatically.

Even more - I would like two different VERP addresses used for server
delivery and actual user read.



So for example I would like to know if the user or at least his mail server received
my invoice with "net 5 days payment terms".

I want to know it was not lost or delayed in transit.

I do not want user to compose confirmation emails manually (think about his
per-hour rate and timesaving ;o) - use software for this purpose.



Also I would like software to allow me to do all this, while preventing abuse.

For example the AOL SMTP outgoing server must not allow specifying DSN on the mailbox
of another AOL user (but aliases of the current user are ok).

Validation must be performed (just like current virus scan), and forged
email blocked early.

But if the user decided to put notification/reply-to addresses using a domain he
owns (other than @aol.com - for example @jondoe.com),

SPF must transform into Reply-To Permitted From and DSN Permitted From.



So apparently tag(_at_)xxxxxx(_dot_)ua decided to send an MDN to
christopher(_at_)xxxxx(_dot_)com (I just hope that you chose that address
well and did not burn a real customer's address).

SPF validates From:/Sender: email to belong to the real sender.

Why do you expect all other valuable email addresses to be validated manually by
the user?

(BTW, how? I do not see the email address I will send the MDN to. My extremely popular
Outlook Express shows me simply "Yes/No")



How is this different from the current situation I can analyze "Received: "
headers to check "From:" are legit?



I would like to obtain as much information as possible automatically.



Although honestly I do not know anybody who is willing to accept that kind
of invasion of privacy, all of my correspondents reject MDN requests



As for privacy - it's for individuals. Not for business.

You cannot ignore a USPS mail letter with a court order and ask the postman not to
send delivery or non-delivery receipts ;-)



I do not want email software cropped simply because you cannot prevent
abuse.

Instead of removing useful features - add abuse prevention.

If you remove features currently described in the specification - this
will result in people reinventing the wheel.



--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua