On Thu, 2 Oct 2003, Alain NAKACHE wrote:
At 01:16 02/10/03, Eric S wrote:
Now, *IF* something like DHVP (dynamic HELO verification protocol) were in
place, then you'd know that the machine that sent you the email is at
least authorized to send for that domain, then you'd only be a nusiance to
people using ISPs whos resources are being abused. Well, hotmail is one
of them, they're having problems with spammers using DAV to send email
with forged froms through their system. It all comes out as from someone
at msn or hotmail, but it can happen.
I don't agree. Some ISP are providing SMTP AUTH extension (RFC 2554) to
their customers.
Systematically refuse messages with this dynamic HELO (EHLO ?) would cause
many problems.
Not sure I follow the objection, but I should have been more clear. The
guys talking about DHVP said that it probably shouldn't be applied in
cases where some other form of authentication is done, so we wouldn't be
rejecting a message that came in authenticated with SMTP AUTH.
In any case, the issue of bouncing filtered messages to the env-from is
going to generate far more bad than good, and that's the point I was
trying to make. If you have some way, be it SMTP AUTH, DHVP, or telepathy
to know that the email most likely came from who the env-from says it
does, then yes, bouncing filtered messages would be reasonable. But if
you don't have that confidence, then it isn't reasonable. That's the
point, not the pros or cons of DHVP itself.
12 messages in net.sourceforge.lists.courier-maildropRe: [maildropl] bouncing spam with ma...
