On Tue, Jun 21, 2005 at 11:37:57PM +0200, Frank Ellermann wrote:
> In the scenario above spammer@victim.tld is an authenticated
> user of the MSA victim.tld enforcing submission rights. This
> spammer used his legit MAIL FROM.

A much better response, thank you. That doesn't mean I think this
is a big issue, there are (IMHO) just too many hurdles for spammers
to take this route and still be efficient.
It seems to me you are aiming for 99% correct of just a handful
whereas I am willing to settle for 98% of a huge quantity. Also,
IMHO you can publish the PRA record if it is that important for you,
despite the fact that I share your strong feelings about having to
be forced.
I know there are hosts handling mail for many domains. I also
understand that those hosts may enforce submission rights. Do you
think the majority of them won't add a "Sender:" header or something
similar?
And even if you do, do you think the number of domains without such
a shared setup is not large enough to justify _a_test_ ?
You may be right, but so may I. I'm no MS fan, far from that. I
think they have a right to experiment and think an open and fair
dialog is a better way to convince them (and me) instead of bashing
around calling people retards.
Alex