Re: User experience

[wayne <wayne@xxxxxxxxxxxxx>]

In <9156B81DAA29204989AD43E88688FAABF7EDD3@xxxxxxxxxxxxxxxxx> "Harry Katz" <hkatz@xxxxxxxxxxxxxxxxxxxxxx> writes:

> This is of course a laudable goal.  But are we really going to save
> much bandwidth?  It seems to me that if we reject messages on the
> basis of the MAIL FROM then spammers will simply register throwaway
> domain names, publish the appropriate DNS records and pass the
> validation.

Yes, I expect spammers to start using throw-away domains more
frequently if the RFC2821 from passes validation.  However, that's
where graylists and RHSBLs come in and ruin the spammers day.
Moreover, throw-away domains leave a lot more trails to track,
especially with ICANN cracking down on bogus info in the registry.

Hmmm...  I guess this is getting way out of scope for this working
group.  Maybe I should just sum it up with this: The problems of
spammers using reacting to validated RFC2821 data has been thought
about quite a bit, and I don't think it something they can escape
from.  However, even if they could, validating the RFC2821 data means
that spammers won't be spoofing *my* domain.

If you want to discuss this issue further, the
SPF-discuss@xxxxxxxxxxxxxx mailing list would be more appropriate.  I
think the ASRG mailing list might also be appropriate, but since I am
not following it closely right now, I can't say for sure.


-wayne