Re: [Asrg] Re: Receiver Initiated Authentication

On 17/09/2007, Michael Kaplan <michaelkaplanasrg@gmail.com> wrote:
>
>
>
> On 9/17/07, Peter Bowyer <peter@bowyer.org> wrote:
> > On 17/09/2007, Michael Kaplan <michaelkaplanasrg@gmail.com> wrote:
> > >
> > >
> > > On 9/17/07, Frank Ellermann <nobody@xyzzy.claranet.de > wrote:
> > > > Michael Kaplan wrote:
> > > >
> > > > > The core of this concept is that questionable unauthenticated email
> > > > > will be bounced
> > > >
> > > > I hope you mean "rejected", unsolicited bounces are evil.
> > >
> > > Yes, in section 9 I summarize the Ironport data on the bounce problem,
> and
> > > it is a real problem.
> > > Sometimes legitimate email is unauthenticated; adopting a policy of
> > > absolutely never sending a bounce in response to an unauthenticated
> email
> > > will degrade the integrity of email. Banning all such bounces solves
> one
> > > problem and creates another.
> >
> > Your use of 'Yes' in your answer to Frank was clearly in the sense of
> > 'No'. Unsolicited bounces are evil, and you're still proposing to send
> > them. This is bad. Why are you not talking about SMTP-time rejections,
> > which are not evil and don't suffer the same issues?
> >
> >
> > Peter
>
> I am concerned about forwarded email. Once the Receiver Generated SPF
> database is established then most of the unauthenticated ham will come via
> forwarders who already accepted the original email. I'm open to any
> suggestions on how to work around this, otherwise I still argue that highly
> selective bounces are only mildly evil.

Not sure how that answers the question about Bounce vs Reject...it's been asked twice now.

Peter

-- 
Peter Bowyer
Email: peter@bowyer.org

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg