-- Michael Scheidell, CTO >|SECNAP Network Security Winner 2008 Network Products Guide Hot Companies FreeBSD SpamAssassin Ports maintainer Charter member, ICSA labs anti-spam consortium
> From: Mark Martinec <[EMAIL PROTECTED]> > Organization: J. Stefan Institute > Date: Thu, 3 Apr 2008 14:09:51 +0200 > To: <users@spamassassin.apache.org> > Subject: Re: Dramatic increase in bounce messages to forged addresses > >> Yes, we have also seen it on many of our clients domains. > > Same here. > > Does anyone have operational experience with a scheme of labeling > envelope sender addresses to recognize legitimate bounces to own mail, > such as the BATV scheme (Bounce Address Tag Validation): > http://mipassoc.org/batv/ > http://sourceforge.net/projects/batv-milter > > What does such a scheme break? Do any mailing list management sw > use envelope sender address for membership verification (instead of > using author address in a From header field, or maybe in Sender)? > Also looks like ot would 100% break CR systems. Originating email address would be new every day, would send a challenge every day, if response is in form of email reply (if user didn't have web access) email send back might have different name it it also. Would break whitelisting, etc. Good effort, and vbounce only helps 'a little' and is a royal pain to set up on 600 servers, all using different domains, all using different outbound vs mx records. I say death penalty to spammers. _________________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(tm). For Information please see http://www.spammertrap.com _________________________________________________________________________
