Marc Perkel wrote:
I want people to use sender address verification against my servers for
the domains I host because if someone is spoofing one of my domains I
want it to fail. I welcome it. Because when domains do sender address
verification then it makes spammers fail. And if spammers fail they will
use someone else's domain - someone who refuses to use SAV. Is if theirs
anything that causes collateral damage it's the face that my domains are
less spammer friendly that yours are so they will spoof your domains
rather than mine.
That's just silly, and as a provider of an anti-spam service you should
know that.
SAV is a lousy anti-forgery mechanism, primarily because it isn't an
anti-forgery mechanism. At best it's a "somebody might legitimately use
this address but I have no idea if it's being forged in this instance"
mechanism. SAV doesn't make spammers fail, it merely requires them to
use a valid address, and guess what, they've got billions of valid
addresses at their disposal.
If you're concerned about, and want to prevent, your domains being
abused then sign your mail or use another mechanism that allows all
involved parties to agree upon a mechanism that requires more than DNS
queries against an unknown/unwilling party.
If you wish to continue using SAV, and going by past statements of "it
works for my customers so I'm going to continue to do it" I assume you
will continue, then *please* stop complaining here every time you get
blacklisted. If you must, though, perhaps SPAM-L would be a more
appropriate venue.
Daryl
- Re: Sender Address Verification is NOT abouse and very ... Daryl C. W. O'Shea
-
