[EMAIL PROTECTED] wrote on 04/18/2005 04:57:15 PM: > Unfortunately, we're stuck with SMTP as it's currently standardized, and > I do not see either of the proposals I mentioned becoming standards-track > any time soon. Even if they are widely accepted by the standards community, > I don't see MTA authors adopting them quickly, and even if MTA authors > adopt them, ratware authors won't. We're stuck.
Once the MTA authors adopt any new standard, the spammers will. Look at SPF. Their income *REQUIRES* adaptability to stay ahead (or at least) even in the cat and maouse game of filtering. Besides, if a new standard breaks some piece of ratware, how many tears will any of us shed? > > Yes, but how do you seperate my address from another address at the same > > domain? Give 28,000 users an address like [EMAIL PROTECTED] > > It's impractical. Some MTAs will batch together recipients that have > the same MX host, so that kind of indirection is all for naught. Which gets back to needing the ability to limit one recipient per message. Now that we've hashed that out and one recipient per message isn't going to happen what is the best way to handle suspect messages that are streamed by recipient? I really like MIMEDefang (and CanIt Pro) because I like the idea of rejecting the message at the SMTP level. But if we're generating bounces on messages that I reject, how do I know that I'm not bouncing them to someone that got joejobbed? I'd rather not be doing that... If SPF records were universally available with "-all", then we could prevent this by enforcing them immediately at the MAIL FROM stage, before even streaming by recipient. If it is a false positive bouncing (vs rejected) to a real user, it doesn't really matter, the message gets back to the sender alerting them that their message did not go through. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
