On Wed, 6 Jul 2005, Hannah Schroeter wrote:
When the C/R system does not first check SPF or otherwise ensure that
the return path is not forged (domain keys, whatever), then it
is a form of mail abuse second only to virus scanners that send warnings
with non-empty MAIL FROM to the return path.
Now, one could enforce the standards more strictly, i.e.
accept mail to non-SRS/SES addresses only from *non*-empty envelope
froms, and accept mail to SRS/SES addresses only from empty envelope
senders.
I do that. I doesn't help, because the %^$&*(#$ virus scanner sends:
MAIL FROM: <evilvirusscanner(_at_)cluelesswinduhsuser(_dot_)com>
RCPT TO: <innocentbystander(_at_)example(_dot_)com>
DATA
Subject: See how wonderful or scanner is!
We decided to annoy you every time our customer is sent a virus.
We hope this will make you want to buy our product, so you
too can annoy innocent people all over the world every time
someone tries to send you a virus!
.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.