I have run into a problem with my policy of sending DSNs for credentialess
email. A client of mine was blacklisted by spamcop for sending DSNs to
forged spamtraps. Spamcop has secret spamtraps. Any email to a spamtrap
- even a DSN - gets you blacklisted. They publish no SPF record and
provide no other way of authenticating these spamtrap addresses. Then,
they seed the web with the spamtrap addresses so that spammers can find
them. This pretty much guarantees that any RFC compliant MTA will get
blacklisted. I can't just turn off DSNs for their spamtraps - because
they are secret (and need to be).
They were obviousing expecting spammers to use the spamtrap addresses as
recipients. But they seem to be oblivious to the fact that spammers are
using their spamtrap addresses for MAIL FROM! Should I waste my time
trying to explain why their system needs some work? Has anyone else
talked to them about this?
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com