Benny Pedersen wrote:
> why do you care about it ?
>
> after all its not your domain :-)

I care because:

A) All mail into my domain is filtered through SpamAssassin with a milter - including mail that goes to postmaster and abuse. Not that my little domain gets much on either address, but from what I've read on rfc-ignorant.org, they take a dim view of filtering those addresses for most any reason - and if someone like Yahoo will get scored badly, I can just see how much voice I would have if they decided to add me to their list. I've had my share of run-ins with script kiddies and punks, and if someone decided to, it probably wouldn't be very hard to contrive an email that SpamAssassin would bounce and then forward that bounce to rfc-ignorant.org. A form of DoS attack to which I am vulnerable because I filter spam from all my addresses.

B) I get mail from users on Yahoo and do not want them to get filtered incorrectly.

C) I am interested in the overall quality of SpamAssassin.

I am aware that I can adjust my local rules. My concern is that in the past, I have usually found the rules to err on conservatism, and this strikes me as being fairly much on the radical side.

Yahoo serves more mail in a day today than was served in a day on the entire internet in 2001 when RFC2821 was written. Their creation and promotion of DKIM is a not insignificant contribution to the overall spam problem. Creating a few hoops for people to jump through to reach them is not an unreasonable thing to do for a corporation that processes as much mail as they do. Do /you/ want to pay the bill for having someone process the mail at their postmaster@ address that is a sitting duck for spam, floods, and the overall dregs of the Internet?

The kind of score being added to every one of their messages is out-of-line with the seriousness of missing a couple of rfc addresses.

Being the object of DoS attacks of many kinds in the past, and fearing some sort of use of rfc-ignorant against me, I started investigating means to give my mail server some negative scores in SpamAssassin and found the hashcash rules. I found a snippet from the hashcash FAQ quite amusing: http://www.hashcash.org/faq/ - the following is quoted from the second paragraph of 1b, and to me epitomized rfc-ignorant.org:

"A number of blacklisters even introduce punitive de-listing policies, such as they will retain an ISP on their black list for twice as long as it took the ISP to react to the spammer. There is no reasoning with blacklist operators -- they are anti-spam crusaders and vigilantes. They are angry about spam, and are taking matters into their own hands. The problem is there is no service agreement or recourse as they are individuals and their services are typically free. Their policies are however magnified and have significant side-effects as many ISPs and companies use their services. Occasionally an ISP will become sufficiently annoyed at the punitive policies and arbitrary nature of a given blacklist operator and sue them for loss of email reliability. There was a case a few years back of this nature. The ISP won btw, and that blacklist went out of operation. However there are lots of other blacklist operators, and the universal hatred of spammers spurs more people to become blacklist operators."