Marc Perkel said:
If someone is sending email using one of my domains I want people
verifying the sender addresses. That way spam that is spoofing my domains
won't get delivered.
Marc:
(1) Sure, this covers spoofing where the alias is invalid for that domain,
but it doesn't do anything about Joe Jobs of e-mail addresses that really do
exist. That is unfortunately because the ones that do exist are the least
quickly provably innocent. IOW, if the spammer is using my domain in the
"From:" address, but choosing an address that doesn't realy exist, then
anyone investigating it further can quickly and easily discover that
messages sent to the non-existant user will receive an "unknown address"
SMTP error code. Likewise, outscatter will also be a greater problem with
real e-mail addresses, but not much of a problem at all with non-existant
addresses. So while your point is valid, it is very limited.
(2) On the other hand, consider the scenerio where a single e-mail address
is Joe Jobbed in millions of spams... and that address is valid (and this is
quite common as worms play musical chair with infected computers address
books... using real, not guessed, addresses!). If more ISPs were using
SAV... particularly large ones... wouldn't that essentially triigger such a
large amount of SAV traffic for that particular innocent domain's mail
server that it would then turn into a DDOS attack... just for a single large
spam run?
Therefore, I suppose that SAV is relatively harmless if fewer and smaller
ISPs use it... but it could cause many problems if more widely adopted. It
fails the "what if everyone were doing this" test.
Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
