> the problem is that spf only validates that the sender is an > allowed sender. this is ineffective against backscatter > attacks. i've gotten as many as 500 backscatter spam in 4 hrs. > so this is a significant issue for me.
So you're blocking mail from forsyth in order to block spam bounces from <>? I already told you how I solved this when it happened to me, and it has been 100% effective without the false positives you get from idiocy like RBLs. I've arranged that all mail I send has an SMTP return address of [EMAIL PROTECTED], for some value of zzz (right now zzz=bounces), and then I reject mail from <> to plain [EMAIL PROTECTED] with a comment explaining the backscatter issue. It's 99% of the benefit of SRS with 1% of the work. You would have to change smtpd to pass the sender as $2 to validateaddress to implement this on Plan 9, but it is not hard. Russ
