On 2006-01-22 20:22:33 +0000, Michael McConnell wrote:
> On 22nd January 2006 at 21:07, Peter J. Holzer wrote:
> >On 2006-01-22 19:40:09 -0000, John Levine wrote:
> >> Russ Nelson has experimented with a R (no C) technique based on this
> >> observation. When a message from an unfamiliar address arrives, his
> >> setup sends an auto-ack and puts the mail into a holding pen. If the
> >> auto-ack bounces, he moves the message into the spam folder. If after
> >> 15 minutes or so there's no bounce, the message moves into the inbox.
> >>
> >> He said it works quite well.
> >
> >However, it still sends mails to innocent bystanders. It is mitigated by
> >the fact that each address only gets one mail, but if this is widely
> >implemented, the owners of the forged sender addresses used by spammers
> >will be bombarded with auto-ack messages.
>
> That would depend if the auto-ack is an entire message, DATA and all, or
> whether it stops after checking the response code to RCPT TO at the sender's
> mailserver.

That's a different technique, which is already implemented in some
standard MTAs. Postfix calls this "sender verification", Exim uses the
more descriptive term "smtp callback".

The problem with this approach is that a positive reply to a RCPT TO is
no guarantee that the address exists. Some sites accept all mails and
then send bounces. Russ' Scheme gets around this problem but at the cost
of potentially being much more annoying to forgery victims. (I guess
that it could be combined with SPF or DKIM to give victims an easy way
to avoid being DDoSed)

        hp

-- 
   _  | Peter J. Holzer    | I now see that computers are poorly
|_|_) | Sysadmin WSR       | suited to remembering things.
| |   | hjp at hjp.at      |
__/   | http://www.hjp.at/ |    -- Holger Lembke in dan-am
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
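The holding-pen scheme discussed in the thread, sketched as an added example that is not part of the original messages and is not Russ Nelson's code. The class, method names, in-memory folders and the `spf` parameter are assumptions; treating an SPF "fail" as "send no auto-ack" is one reading of the suggestion to combine the scheme with SPF or DKIM.

```python
from dataclasses import dataclass, field

HOLD_SECONDS = 15 * 60  # the "15 minutes or so" from the description


@dataclass
class HoldingPen:
    known: set = field(default_factory=set)       # familiar sender addresses
    pending: dict = field(default_factory=dict)   # sender -> (first arrival, messages)
    inbox: list = field(default_factory=list)
    spam: list = field(default_factory=list)
    acks_sent: list = field(default_factory=list) # who received an auto-ack

    def receive(self, sender, msg, now, spf="none"):
        """Deliver, hold, or reject a message arriving at time `now` (seconds)."""
        if sender in self.known:
            self.inbox.append(msg)
        elif spf == "fail":
            # Assumption: the claimed domain publishes SPF and disowns the
            # sending host, so the address is forged. No auto-ack is sent,
            # which spares the forgery victim.
            self.spam.append(msg)
        elif sender in self.pending:
            # Each address gets only one auto-ack; later mail just waits.
            self.pending[sender][1].append(msg)
        else:
            self.pending[sender] = (now, [msg])
            self.acks_sent.append(sender)

    def bounce(self, sender):
        """The auto-ack to `sender` bounced: held mail goes to spam."""
        _, msgs = self.pending.pop(sender, (None, []))
        self.spam.extend(msgs)

    def tick(self, now):
        """Release mail held for HOLD_SECONDS with no bounce seen."""
        due = [s for s, (t, _) in self.pending.items() if now - t >= HOLD_SECONDS]
        for sender in due:
            _, msgs = self.pending.pop(sender)
            self.inbox.extend(msgs)
            self.known.add(sender)  # assumption: a released sender becomes familiar
```

A forged but deliverable address without SPF still receives one auto-ack and its message still reaches the inbox, which is the cost to forgery victims raised in the reply.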