Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID Verification)
----- Original Message -----
From: "Bart Schaefer" <schaefer@brasslantern.com>
To: <asrg@ietf.org>
Sent: Monday, December 01, 2003 4:26 AM
Subject: Re: [Asrg] 0. General - anti-harvesting (was Inquiry about CallerID
Verification)
> On Dec 1, 3:51am, Hector Santos wrote:
> }
> } For ESMTP V2.0 Servers:
> }
> } Compliant servers must support VRFY as a way to validate return address.
>
> That doesn't address the issue (pun?). See my example of MTA1 sending to
> MX2, which tries to verify the address using MX1.
I did. I saw nothing there. See my reply which outlines the logic you
described.
> Unless you impose the additional requirement that MX1 be able to verify
> all addresses that may originate from MTA1, it doesn't matter whether you
> use VRFY or RCPT.
Nothing to impose, it's already part of the specification. The RETURN PATH
is a REQUIREMENT for proper SMTP operations. Period. You don't have it, it
presents improper operations and spammers have exploited this hole!
All you have basically shown is that there is a scalability issue.
That is true. But more importantly it will become a redundancy issue
more than anything else, because once it works, there will be a lot of
redundant checks against valid addressing which then says that maybe it
could fall back to a LMAP method where you just validate the domain.
---
Hector Santos, CTO
WINSERVER "Wildcat! Interactive Net Server"
support: http://www.winserver.com
sales: http://www.santronics.com
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg