On 2010-08-12 12:58:51 -0400, Hector Santos wrote:
> Paul Smith wrote:
>> On 12/08/2010 14:28, Rosenwald, Jordan wrote:
>>> True statement, but that means the senders of the other 5% are now left
>>> in the dark as to what happened to their mail.
>>> Is there a proposed solution to that?
>>
>> Maybe we just recommend sending NDNs to people if their email is DKIMed
>> or if it came from a server matching SPF rules, or if the return path
>> uses BATV
>>
>> It's better than never sending them at all, and those provisions make
>> it reasonably certain that the sender's email address wasn't forged.
>>
>> Also, it might encourage people to put in place the anti-forgery methods.
>
> +1
>
> In our implementation, we use CBV (Callback Verification) and this
> resolves at least 50%, 70% to even as high as 90% of the "bad" MAIL
> FROM: problem. Currently it is among the highest filter in our suite of
> SMTP filters.

Apart from other objections against CBV, this only removes those cases
which were mostly harmless in the first place: If the forged sender
doesn't exist, the NDN cannot be delivered and will be silently
discarded (or sent to a local "double bounce" address where they will
probably be ignored ;-)). If the forged sender *does* exist, CBV won't
detect that it is forged and an NDN may be sent to the hapless victim of
the forgery. SPF, DKIM, BATV, etc. do a better job guarding against
address forgery.
hp
--
_ | Peter J. Holzer | Openmoko has already embedded
|_|_) | Sysadmin WSR | voting system.
| | | [email protected] | Named "If you want it -- write it"
__/ | http://www.hjp.at/ | -- Ilja O. on [email protected]
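
The BATV point made in the message above, as an added example that is not part of the original thread: a domain signs its outgoing return paths and accepts a bounce only if the recipient address carries a valid, unexpired tag, so a forged use of an address that really exists (which CBV would pass) is still recognised. The tag layout is modeled on the `prvs` scheme from the BATV Internet-Draft; the key, lifetime, day numbers and addresses are constructed assumptions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"   # assumption: per-domain signing secret
KEY_NUM = 0                        # assumption: single active key
LIFETIME_DAYS = 7                  # assumption: how long a tag stays valid

# prvs=KDDDSSSSSS=local : key digit, expiry day mod 1000, 6 hex MAC digits
PRVS = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-fA-F]{6})=(.+)")

def _mac(key_num, ddd, addr):
    """First three bytes (6 hex digits) of HMAC-SHA1 over K, DDD and the address."""
    msg = f"{key_num}{ddd:03d}{addr}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).hexdigest()[:6]

def sign(addr, today):
    """Rewrite an outgoing MAIL FROM; 'today' is days since the epoch."""
    local, domain = addr.rsplit("@", 1)
    ddd = (today + LIFETIME_DAYS) % 1000
    return f"prvs={KEY_NUM}{ddd:03d}{_mac(KEY_NUM, ddd, addr)}={local}@{domain}"

def accept_bounce(rcpt, today):
    """True if a bounce (MAIL FROM:<>) to rcpt answers mail we really sent."""
    local, _, domain = rcpt.rpartition("@")
    m = PRVS.fullmatch(local)
    if not m:
        return False               # untagged: the address may exist, but we
                                   # never sent with it, so the mail was forged
    key_num, ddd, sig, orig_local = int(m[1]), int(m[2]), m[3].lower(), m[4]
    if (ddd - today) % 1000 > LIFETIME_DAYS:
        return False               # tag expired (or dated too far ahead)
    expected = _mac(key_num, ddd, f"{orig_local}@{domain}")
    return hmac.compare_digest(expected, sig)

if __name__ == "__main__":
    day = 14833                    # constructed day number
    tagged = sign("alice@example.org", day)
    for rcpt in (tagged, "alice@example.org"):
        print(rcpt, "->", "accept" if accept_bounce(rcpt, day) else "reject")
```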
