On 8/22/22 11:50, Viktor Dukhovni wrote:
On Mon, Aug 22, 2022 at 05:35:54PM +0200, Patrick Proniewski wrote:
But the "loophole" here is that blank sender/return-path is allowed
(MAILER DAEMON), I could prohibit that, but with huge caveats.
Best to ignore bad advice. You may need a better antispam filter. Ad
hoc rules for past (and plausibly never again) abuse are not likely to
be effective. That said, no antispam filter is 100% effective. Some
spam *will* get through no matter what you do.
If there was a method of spam filtering that was 100% effective,
*everyone* would be using it. ...And the spammers would be working
night and day to figure out ways to circumvent it.
A lot of the problems in spam filtering is that the protocols we use for
email delivery were fundamentally designed in insecure, unauthenticated
ways, because they were created in a different, friendlier, arguably
more naïve world in which nobody imagined that anyone would abuse email
on a large scale. Trying to bolt security and authentication onto
anything after the fact is always harder than designing in secure
authentication from the start.
The other side of that coin, though, is that we are in a lot better
place to do that secure authentication now, because our tools (hardware
and software) are so much better and more capable. But that doesn't
mean it's not still a hard problem.
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
