spf-discuss
[Top] [All Lists]

Re: [spf-discuss] (SOLVED) SPF blocking e-mails coming from an E-card service server

2007-04-28 00:56:06
On Sat, Apr 28, 2007 at 12:21:12AM -0400, Stuart D. Gathman wrote:

Your way: you get a bogus bounce for each e-card sent by the meanie.

Which is rate limited, fine, but still is more than one with relatively
little effort.

Alex's way: you get a bogus bounce for each time the meanie enters
      your email to create an account.

Not just an email address.  See cookie #1.  More effort and less result.

There's only one mail per malicious subscription.  There's more than one
bounce if that same person can send ten e-cards.

(BTW it's not a bounce, it is a message which is sent in "my way")


In both cases, you already limit the number of time they can do that by IP.

I don't see the advantage to requiring accounts, Alex.

* General principle: know who is using your service. In this case,
  knowing the (verified) email address is good enough.
* One mail (per try) instead of more than one bounce (per email
  address, IP address)
* Sending unsollicited mail is bad, but the following example at least
  sucks less than a misdirected bounce:
  "
  Someone, presumably you, asked us to send this invite.  The request came
  from $IP_ADDRESS ($RDNS).  If this is not you, please accept our apologies
  and please complain to their ISP.

  If you reply to this message, leave the subject int... yadda yadda yadda
  "

I'm sure I can think of more if I really try.

cheers
alex

-------------------------------------------
-----------------------------------------------------------------------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735
Powered by Listbox: http://www.listbox.com

<Prev in Thread] Current Thread [Next in Thread>