Whitelist for misconfigured mail servers (was: Posioned MX is a bad idea)

--On Wednesday, August 29, 2007 1:58 AM -0400 Aaron Wolfe <aawolfe@gmail.com> wrote:

> The first 24 hours seemed promising. However today (tues) we have two
> false positives, including one of their banks (!) and a small business
> that is their long time customer.
>
> It's scary that a bank has such a broken config, but its a reality.
> Unfortunately, there are still too many bad admins/RFC ignorant
> firewalls/whatever out there for bogus MXs to be a practical solution for
> me. Sure, if we all used it then they'd have to clean up their acts.. but
> then the spammers would obviously just implement proper behavior in their
> next bot version. I just don't see this as a solution that can work.

Perhaps we need a whitelist similar to rfc-ignorant that lists legitimate sites that are misconfigured and broken. Being on the site would be an indication of cluelessness, not evil, so there'd still be an incentive to fix the problem. Running popular but broken software (like known-bad versions of Exchange or Notes) would result in specific error codes or bits in the result. Received on Wed Aug 29 14:32:03 2007