Validating IP against the domain was one of many tests I was planning to do. It will probably block a few legal mail servers, but that should provide an incentive to add those servers/domains to DNS and be better net-citizens.
The TMDA whitelist-centric strategy looks similar to what I was thinking of. But I find the email-based challenge/response might not be too difficult for spammers to circumvent. In any case they seem to have looked at many of the issues and is a great cross-check to ensure I did not miss something important. Thanks for the link!!! Bruno -----Original Message----- From: ext Noel J. Bergman [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 03, 2004 4:50 PM To: James Developers List Subject: RE: Contributing a mailet > spammers are getting very smart about bypassing normal anti-spam > tools. They have gone from being annoying, with dubious legal status for UCE, to being outright criminals. Spammers are behind the new worms that turn consumer systems into mail daemons. They can bypass whitelists by using the address books of the systems they have infected, and distributing the information so that databases of e-mail associations can be constructed. > I feel that no other solution other than pure whitelisting will work > in the long run. > What alternative would you propose to whitelist-only email? Are you familar with www.tmda.net? There is a proposal where an MTA would validate that the IP address attaching to it is a valid server for the MAIL FROM domain. There are proposals to have servers sign messages to verify that the message did, indeed, originate from them. --- Noel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]