Marc Perkel wrote:
I don't understand why you think SAV is a louse anti-forgery tool. It
forces spammers to have to find real email addresses to forge.
So here's a little thought experiment for you.
As you know more and more spam is sent by botnets from compromised
machines. Those bots know a range of valid addresses because they're
pulling them out of addressbooks on the local machines (they're also
sending to those same addresses btw).
Consider that many sites are using SAV and a botnet starts spewing
billions of messages. Consider now that you're the operator a
significantly sized mail system.
At this point you start getting hit from all around the world for
inordinate numbers of SAV requests all for valid emails. How hard you
get hit depends on your size & your misfortune. All that spam gets
delivered at the far end for as long as your servers can continue to
deal with the massive load of SAV requests and tell the other sites that
the spam isn't spam.
Note that these requests are totally unwarranted -- they have nothing
whatsoever to do with you except that some bot somewhere is using an
address at your site.
If SAV gets widely adopted bots will very easily get around it and it
just becomes an abusive overhead.
This is of course totally ignoring all the situations under which valid
email gets bounced because a SAV failed (I just happen to have
experienced several of those recently).
Domains that I host are rarely spoofed because when other hosts use
SAV I welcome that and verify which email addresses are bad and the
spam is rejected at connect time. When I use SAV I don't have to run
those messages through spam assassin because I already know they are
spam. So don't tell me that it doesn't work because I know for a fact
that it does.
It does now but only because it is so rarely used. And you can avoid SA
right up until spammers start using real addresses at which point you're
totally hosed.
I WANT people to verify against my servers. I WELCOME it because
spammers blacklist ME.
Right up until your servers die under the load of other systems SAVing
you. :)
As to people blacklisting me - I am quite capable of effectively
evening the score. Those who black list me are a buch of cowards who
hide and create anonymous black lists to try to bully people into what
they want us to do. But these people have left a trail that I'm
reconstructing and I'm going to out them and it's going to be a very
public outing. So I don't just complain when I get blacklisted. I fix
the problem.
Or they're forward thinking people who can see the future of SAV and
realize that ultimately it's just abuse.
A final thought. There is only one large ISP that uses SAV and they've
recently decided to stop doing so. I wonder why that'd be if it's as
good as you say?
Derek
