Re: [Asrg] Re: Receiver Initiated Authentication

From: Michael Kaplan <michaelkaplanasrg(at)gmail.com>
Date: Mon Sep 17 2007 - 12:26:49 EDT

On 9/17/07, Peter Bowyer <peter@bowyer.org> wrote:
>
> On 17/09/2007, Michael Kaplan <michaelkaplanasrg@gmail.com> wrote:
> >
> >
> > On 9/17/07, Frank Ellermann <nobody@xyzzy.claranet.de> wrote:
> > > Michael Kaplan wrote:
> > >
> > > > The core of this concept is that questionable unauthenticated email
> > > > will be bounced
> > >
> > > I hope you mean "rejected", unsolicited bounces are evil.
> >
> > Yes, in section 9 I summarize the Ironport data on the bounce problem,
> and
> > it is a real problem.
> > Sometimes legitimate email is unauthenticated; adopting a policy of
> > absolutely never sending a bounce in response to an unauthenticated
> email
> > will degrade the integrity of email. Banning all such bounces solves
> one
> > problem and creates another.
>
> Your use of 'Yes' in your answer to Frank was clearly in the sense of
> 'No'. Unsolicited bounces are evil, and you're still proposing to send
> them. This is bad. Why are you not talking about SMTP-time rejections,
> which are not evil and don't suffer the same issues?
>
>
> Peter

I am concerned about forwarded email. Once the Receiver Generated SPF database is established then most of the unauthenticated ham will come via forwarders who already accepted the original email. I'm open to any suggestions on how to work around this, otherwise I still argue that highly selective bounces are only mildly evil.

If we quantify evilness then: Massive quantities of spam >> small number of misdirected/easily filtered by BATV bounces.

I'm arguing for the lesser of two evils, and I argue that my evil is much much smaller than the evil of existing spam.

Michael

---

Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg Received on Mon Sep 17 12:27:06 2007