spf-discuss

Re: Fwd: Re: Can SPF identify wildcard domain forgery?

2004-08-25 09:37:17
--On Wednesday, August 25, 2004 06:12:53 +0800 AccuSpam <support(_at_)accuspam(_dot_)com> wrote:
[...]
Second, the problem is once you enumerate the legitimate addresses
publicly, then you tell the spammers what they are.

The same is true for any kind of reputation system.

Not only can then the spammers forge you (not all recipients will
implement SPF), but they can now spam you to high heaven!

So the "exists" mechanism is not going to work for this scenario?

It works, but it has its drawbacks. You could try "security by obscurity" and disallow zone transfers for the subzone that contains the user entries, but the spammer could still use a dictionary attack to find valid usernames.

But I do not think that this is a big problem as many addresses are already known to spammers and used by them both as targets and fake senders. IMHO you gain more than you risk by using this kind of whitelisting.

And remember, you only need this for users that cannot use a submission service (something that is easily set up and already offered by many freemailers).

Ralf Döblitz
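
The per-user "exists" whitelisting discussed in this message, as an added example that is not part of the original post: a receiver expands the `%{l}` and `%{d}` macros from the envelope sender and treats any A record at the resulting name as a match. The subzone `_users.example.org`, the SPF record and the zone contents are constructed for illustration, and only the `s`, `l`, `o` and `d` macros are implemented.

```python
import re

# Constructed zone data: one A record per authorised local-part under a
# hypothetical subzone "_users.example.org". Any A answer counts as a match.
ZONE = {
    "alice._users.example.org": "127.0.0.2",
    "bob._users.example.org": "127.0.0.2",
}

# Hypothetical policy published for example.org.
SPF_RECORD = "v=spf1 mx exists:%{l}._users.%{d} -all"

MACRO = re.compile(r"%\{([slod])(\d*)(r?)\}|%([%_-])")


def expand(spec, sender, domain):
    """Expand the subset of SPF macros needed here: s, l, o, d with the
    optional digit and 'r' transformers, plus the %%, %_ and %- escapes."""
    local, _, sender_domain = sender.rpartition("@")
    values = {"s": sender, "l": local or "postmaster",
              "o": sender_domain, "d": domain}

    def repl(m):
        if m.group(4):
            return {"%": "%", "_": " ", "-": "%20"}[m.group(4)]
        parts = values[m.group(1)].split(".")
        if m.group(3):                      # 'r' reverses the label order
            parts.reverse()
        if m.group(2):                      # digits keep the right-most N labels
            parts = parts[-int(m.group(2)):]
        return ".".join(parts)

    return MACRO.sub(repl, spec)


def check_exists(record, sender, domain, zone=ZONE):
    """Return (query_name, matched) for the first exists: term in record."""
    for term in record.split()[1:]:
        if term.lower().startswith("exists:"):
            name = expand(term[len("exists:"):], sender, domain).lower()
            return name, name in zone
    return None, False
```

The query name depends only on the sender address, so the answer a receiving MTA gets is the same answer any other resolver gets; that is why disallowing zone transfers alone does not keep the user list private.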

