spf-discuss

Re: Border Appliances

2005-06-30 20:49:19
On Thu, 30 Jun 2005, Hector Santos wrote:

> You have a POST SMTP "CBV" like concept using DSN, we use a pure CBV at the
> SMTP level.

I could do that too, but then I couldn't quote the Subject or other
parts of the message.

> This means you have a much higher payload scalability issue.  For a large
> system with a high spam ratio, that would be a tremendous amount of
> overhead.

Very few messages get as far as the DSN.  And we get >30000 spams per day
vs <100 real emails.  There are many other layers.  The simplest layer
that cans the most forgery is the HELO blacklist.  I blow off 
connections from MTAs that use my own domain in the HELO.  The second
most effective is to blow off HELOs with a numeric IP (not allowed 
by rfc2821, and I've never seen a real email that does it).  That's 
just for starters.

> In other words, I bet you will get the same near result with a much greater
> efficiency by doing a CBV at SMTP instead, rather than receive your payload
> first.

The main purpose of the DSN is to annoy people that have misconfigured
mail systems.  In addition to softfail, the DSN is sent for systems
with missing/invalid PTR, invalid HELO, and no SPF record or neutral
result.  They need to get one of the 3 right so I have a domain to
block if needed.  The CBV aspect is a side benefit.

Before the DSN feature, I simply rejected the misconfigured mail with
an explanatory message.  Then, my users would get a call from their
customer/vendor complaining that they can't send mail and get this
message they don't understand.  Then, my users call me.  Then I would
manually construct a local SPF record (effectively whitelists the
sender with all the power of SPF, e.g. restricted by IP), and try
to get in contact with the mail admin to help them fix their server.
This was all way too much work, and the mail admins would just argue
with me, explaining that 'JUPITER' must be an RFC compliant HELO name
because they've been using it for years.  For some reason, the DSN
carries much more authority and gets better results than a personal phone call
or email.  Go figure.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
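
The two HELO layers and the DSN trigger conditions described in the message above, as an added Python example that is not part of the original post and is not the poster's own code. Assumptions: LOCAL_DOMAINS, peer_is_local and the function names are hypothetical, subdomains of a local domain are treated as "my own domain", an "invalid HELO" is taken to mean a name that is not a multi-label domain name, and the DSN rule is read as "softfail, or all three of PTR, HELO and SPF fail to name a domain".

```python
import ipaddress
import re

LOCAL_DOMAINS = {"example.com"}   # assumption: the receiving site's own domains

_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_FQDN = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")   # at least two labels


def is_bare_ip(helo):
    """True for an IP address given without the [ ] of an address literal."""
    try:
        ipaddress.ip_address(helo)
        return True
    except ValueError:
        return False


def helo_is_fqdn(helo):
    """True when the HELO argument looks like a multi-label domain name."""
    name = helo.strip().rstrip(".")
    return not is_bare_ip(name) and bool(_FQDN.match(name))


def check_helo(helo, peer_is_local=False):
    """Return 'reject' or 'continue' for the two HELO layers in the message."""
    name = helo.strip().rstrip(".").lower()
    claims_us = any(name == d or name.endswith("." + d) for d in LOCAL_DOMAINS)
    if claims_us and not peer_is_local:
        return "reject"    # outside MTA using our own domain in HELO
    if is_bare_ip(name):
        return "reject"    # numeric IP as the HELO argument
    return "continue"      # later layers (PTR, SPF, ...) still apply


def wants_dsn(spf_result, ptr_valid, helo):
    """DSN on softfail, or when PTR, HELO and SPF all fail to name a domain."""
    if spf_result == "softfail":
        return True
    return (not ptr_valid
            and not helo_is_fqdn(helo)
            and spf_result in ("none", "neutral"))
```

The peer_is_local flag is there so that the site's own internal or outbound relays, which legitimately use the local domain in HELO, are not caught by the first layer.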

