Justin Mason wrote: > > Hey Matt -- > > fwiw, I find them pretty inoffensive in and of themselves; however, from a > game-theory point of view, their effects are lousy. > > This, and other methods that attempt to fight spam by validating an email > address' validity, don't necessarily try to validate that the email was > *sent* by that address; just that the address exists.
True.. I don't defend it as a particularly effective or valid method, but I also am not bothered by empty connections checking to see if an address is deliverable. Realistically, this is a very minor problem. Compared to the six-billion other network abuse attempts I get here each week, these are very much in the noise. It makes me wonder how closely such admins watch their systems. There's a lot more worrisome stuff going on out there than this. > As a result, it forces spammers to use valid From: and MAIL FROM addresses > in their spam. The easiest source for those, for a spammer, is the address > list they're sending spam *to*. As a result, the spam recipients now > get not just the spam itself, but also the "blowback" -- bounces, C/R > bounces, "you sent me a spam!" bounces etc. Realistically, most spam I get seems to be using addresses that are already in the spammer's database of "valid" email addresses. While I see a lot of viruses using dictionary based MAIL FROM addresses, I see very little spam doing this. So I don't think this really changes much about spam, aside from perhaps encouraging spammers to clean their lists.
