On Thu, 1 Jan 2004, Ed Reed wrote:

> I'm curious, Victor - do you use any functions to verify that the
> sender's
> email address is "live" to insure that a valid "reply" is possible?

No, this is not known to scale well to large sites. Also widespread
adoption of sender verification encourages joe-jobbing, for the victim the
torrent of spam bounces and abuse complaints are worse than spam (one of
my users was getting 10000 messages for a while...).

A high quality open proxy/open relay RBL combined with a good spam
detector (Spam Assasin or a commercial offering) are good enough in

A lot of the damage to email infrastructure associated with spam is caused
by misguided spam-fighters, rather than spam itself.

I am waiting for the law to be enforced, not for CPU waste proofs.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to