
[spf-discuss] Re: spamcop and DSN

2006-08-29 17:48:24
Stuart D. Gathman wrote:

They publish no SPF record and provide no other way of
authenticating these spamtrap addresses.

After I've told them about five times that that's an utterly
dubious plan I've given up.  Arguably a "secret spamtrap"
is compromised if it publishes v=spf1 -all, but actually it
could obscure the -all (e.g. by adding some PASS IPs), and
if a "secret spamtrap" address is forged in a Return-Path
it probably is already compromised.

This pretty much guarantees that any RFC compliant MTA
will get blacklisted.

2821-compliant MTAs send DSNs, if at all, to the originator.
Ignore the part about "as indicated by the Return-Path",
that's obviously nonsense today.

Unless it got an SPF PASS, or you're otherwise sure that
the Return-Path is okay, or you're sure that you don't
need to send any unsolicited DSN later.

they seem to be oblivious to the fact that spammers are
using their spamtrap addresses for MAIL FROM!  Should I
waste my time trying to explain why their system needs
some work?

AFAIK they know this.  I wonder why you send unsolicited
DSNs to unverified Return-Paths.  That's net abuse, or did
I miss something in your scenario?

Frank
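
Added illustration, not part of the original message: a sketch of the DSN rule discussed above (bounce only on SPF PASS or an otherwise trusted Return-Path), run against a bare `v=spf1 -all` record and one where `-all` is obscured by PASS IPs. The function names, sample records and addresses are constructed for this example, and only the `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip):
    """Evaluate a simplified SPF record: only ip4, ip6 and all are handled."""
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            raise ValueError("mechanism outside this sketch: " + name)
        if ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def may_send_dsn(spf_result, return_path_trusted=False):
    """Send a DSN only on SPF PASS or when the Return-Path is otherwise known good."""
    return spf_result == "pass" or return_path_trusted

# Constructed sample data (documentation address ranges, hypothetical records).
SAMPLES = [
    ("no record", None, "203.0.113.9"),
    ("bare -all", "v=spf1 -all", "203.0.113.9"),
    ("obscured -all, forged sender", "v=spf1 ip4:192.0.2.0/24 -all", "203.0.113.9"),
    ("obscured -all, listed sender", "v=spf1 ip4:192.0.2.0/24 -all", "192.0.2.10"),
]

def run_samples():
    """Return (label, SPF result, DSN allowed) for each constructed sample."""
    return [(label, check_spf(rec, ip), may_send_dsn(check_spf(rec, ip)))
            for label, rec, ip in SAMPLES]

if __name__ == "__main__":
    for label, result, dsn in run_samples():
        print(f"{label:32} spf={result:8} send_dsn={dsn}")
```

With no record published the result is `none`, so under this rule the receiver has nothing that would justify a later DSN to that Return-Path.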

