On Mon, 27 Mar 2006, Tom Lahti wrote:
SRS does not prevent bounce-spam "in a tiny minority of cases", it
completely eliminates it. I am eliminating 80,000+ per day using SRS
signing and have not had a single spam report from a user since
implementation that involved a fake DSN.
SRS signing COMPLETELY eliminates fake-DSN spam, and without the
possibility of rejecting a real one. I am not saying "probably", I
am saying it DOES. I've been doing it for quite some time now.
Same here, with one caveat. Some braindead MTAs have a policy of
rejecting localparts from any domain containing '+' (same idea as rejecting
localparts beginning with SRS). Of course, this breaks many things
apart from SRS. For these domains, I have to turn off SRS signing.
As a consequence, I cannot accept DSNs from such braindead domains
(since they also relay bounce spam). Something for Johann to keep
in mind - and a caution against apply a "no SRS" policy to any
except a few braindead domains acting as an open relay.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com