[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] 0. General - Inquiry about CallerID Verification

To: "Yakov Shafranovich" <research@solidmatrix.com>
Subject: Re: [Asrg] 0. General - Inquiry about CallerID Verification
From: "Hector Santos" <winserver.support@winserver.com>
Date: Sun, 30 Nov 2003 02:32:28 -0500
Cc: "Alan DeKok" <aland@ox.org>, "ASRG" <asrg@ietf.org>
List-archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
List-help: <mailto:asrg-request@ietf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-post: <mailto:asrg@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>,<mailto:asrg-request@ietf.org?subject=unsubscribe>
Organization: Santronics Software, Inc
References: <2A1D4C86842EE14CA9BC80474919782E0111322D@mou1wnexm02.vcorp.ad.vrsn.com> <c1e97a355b0e1a3d53a373400cb2817a3fc72e9b@mhs> <002001c3b59a$a9b07250$60c6d344@FAMILY> <3FC78D06.6020909@solidmatrix.com> <004601c3b5fd$211bcfd0$60c6d344@FAMILY> <3FC934C0.9090409@solidmatrix.com> <004c01c3b6f4$fbd54780$60c6d344@FAMILY> <3FC98DF8.3040704@solidmatrix.com>
Sender: asrg-admin@ietf.org

----- Original Message ----- 
From: "Yakov Shafranovich" <research@solidmatrix.com>
To: "Hector Santos" <winserver.support@winserver.com>
Cc: "Alan DeKok" <aland@ox.org>; "ASRG" <asrg@ietf.org>
Sent: Sunday, November 30, 2003 1:28 AM
Subject: Re: [Asrg] 0. General - Inquiry about CallerID Verification

> There is nothing in the current IETF email standards that requires (1)
> the sender's system to operate a valid MTA that responds to RCPT TOs for
> the email account that is sending the email, and (2) must not accept
> RCPT TOs to *any* address at its domain. For example, some domain owners
> use "catch alls" also to accept all incomings, which is perfectly legit,
> OR ISPs such as Yahoo that are doing this to stop harvesting and
> dictionary attacks.

Yakov, they are delaying the validation until the DATA state.   They are
probably using pareto's principle that suggest that most of their spammers
are TOO stupid to change their SMTP software to intepret that DATA results.
<g>

> What I would like to do, is to go through the SMTP model step by step,
> analyzing loopholes, and see what can be tightened and improved. Then
> from there we can figure out which proposals can work.

hope to see a good job. <g>

I'm available for technical review.

---
Hector Santos
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com





_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

References:
- RE: [Asrg] Re: 6. Proposals - rDNS and rMX
  - From: Hallam-Baker, Phillip
- Re: [SPAM] RE: [Asrg] Re: 6. Proposals - rDNS and rMX
  - From: Jukka Inkeri
- [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Hector Santos
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Yakov Shafranovich
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Hector Santos
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Yakov Shafranovich
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Hector Santos
- Re: [Asrg] 0. General - Inquiry about CallerID Verification
  - From: Yakov Shafranovich

Prev by Date: Re: [Asrg] 0. General - Inquiry about CallerID Verification
Next by Date: [Asrg] 4. Survey of Solutions - Methods of Authentication
Previous by thread: Re: [Asrg] 0. General - Inquiry about CallerID Verification
Next by thread: Re: [Asrg] 0. General - Inquiry about CallerID Verification
Index(es):
- Date
- Thread