On Jan 9, 2005, at 9:34 AM, Julian Mehnle wrote:
David Woodhouse [dwmw2(_at_)infradead(_dot_)org] wrote:
On Sun, 2005-01-09 at 13:55 +1100, Chris Drake wrote:
E) That mail server then originates a "bounce" for this faked email
back to my server. Thousands of different legitimate mail servers
are doing this, so my mail servers get swamped by crap that's
impossible for me to firewall or block (because it's a real
legitimate mail server "attacking" me).
It's not impossible to block; it's quite simple. Just implement SES.
Or we could just get all the others to implement SPF so these bounces
aren't generated in the first place.
If someone is so lazy to determine that they do not want an email after
the they have taken receipt it, then what would lead you to believe
that they would implement SPF during the SMTP session?
It doesn't take sender policy framework or signed envelope sender for
an administrator to realize that the user specified in the RCPT TO
doesn't exist. This is the case that is responsible for most back
scatter.
// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// OmniTI Computer Consulting, Inc. -- http://www.omniti.com/
// Ecelerity: fastest MTA on Earth