Alex van den Bogaerdt <[EMAIL PROTECTED]> wrote: > On Tue, Nov 13, 2007 at 09:53:24AM +0000, Tony Finch wrote: > >> However, I believe that in doubtful cases it's better to apply AI to the >> complete message data than to attempt to analyse some abbreviated >> notification. In most cases MTAs have enough capacity to do this: at the >> moment (according to my stats) doubtful cases are about 30% of the email >> that gets past blacklists. > > The big difference seems to be what happens after you decide a > message to be spam. > > Present day: you delete it without notification or you send it "back", > generating backscatter. > > With TBR: you send a notification to the sender's domain. That server > should NOT forward the bounce to an innocent victim. Instead, the domain > could even count such bounces and be on guard about this customer. > > Am I seeing this wrong?
You're essentially correct, but the -00 spec does allow for the case where you decide -- before fetching any part of the message -- that the originator is not worth trusting, so you simply discard the URI silently. Doug expects this to be frequent, if spammers actually use TBR. YMMV. This is a good opportunity to point out this _is_ a -00 spec. My standards for a -00 spec may be higher than some (as Dave Crocker will attest), but I'm sure it has some down-and-out errors, as well as areas which could be improved by a WG-like process. Doug and I are certainly open to that. -- John Leslie <[EMAIL PROTECTED]>
