[Asrg] Re: Receiver Initiated Authentication
Peter Bowyer
peter at bowyer.org
Mon Sep 17 14:47:04 EDT 2007
On 17/09/2007, Michael Kaplan <michaelkaplanasrg at gmail.com> wrote:
>
>
>
> On 9/17/07, Peter Bowyer <peter at bowyer.org> wrote:
> > On 17/09/2007, Michael Kaplan <michaelkaplanasrg at gmail.com> wrote:
> > >
> > >
> > > On 9/17/07, Frank Ellermann <nobody at xyzzy.claranet.de > wrote:
> > > > Michael Kaplan wrote:
> > > >
> > > > > The core of this concept is that questionable unauthenticated email
> > > > > will be bounced
> > > >
> > > > I hope you mean "rejected", unsolicited bounces are evil.
> > >
> > > Yes, in section 9 I summarize the Ironport data on the bounce problem,
> and
> > > it is a real problem.
> > > Sometimes legitimate email is unauthenticated; adopting a policy of
> > > absolutely never sending a bounce in response to an unauthenticated
> email
> > > will degrade the integrity of email. Banning all such bounces solves
> one
> > > problem and creates another.
> >
> > Your use of 'Yes' in your answer to Frank was clearly in the sense of
> > 'No'. Unsolicited bounces are evil, and you're still proposing to send
> > them. This is bad. Why are you not talking about SMTP-time rejections,
> > which are not evil and don't suffer the same issues?
> >
> >
> > Peter
>
> I am concerned about forwarded email. Once the Receiver Generated SPF
> database is established then most of the unauthenticated ham will come via
> forwarders who already accepted the original email. I'm open to any
> suggestions on how to work around this, otherwise I still argue that highly
> selective bounces are only mildly evil.
Not sure how that answers the question about Bounce vs Reject...it's
been asked twice now.
Peter
--
Peter Bowyer
Email: peter at bowyer.org
More information about the Asrg
mailing list