On 2/19/2010 7:20 PM, William Herrin wrote:
On Fri, Feb 19, 2010 at 3:30 PM, Rich Kulawiec <rsk@gsp.org> wrote:
Barracuda's engineers apparently think that using SPF stops backscatter -- and it most emphatically does not.
Reject gooooood, bounce baaaaaaad. [1]
Whine all you want about backscatter but until you propose a comprehensive solution that's still reasonably compatible with RFC 2821's section 3.7 you're just talking trash.
"If an SMTP server has accepted the task of relaying the mail and later finds that the destination is incorrect or that the mail cannot be delivered for some other reason, then it MUST construct an "undeliverable mail" notification message and send it to the originator of the undeliverable mail (as indicated by the reverse-path)."
Does the RFC say what to do if the reverse-path has been damaged and now points to somebody who had nothing what ever to do with the email? Do your SNMP clients respond truthfully to EXPN requests? How about source-routed traffic? ICMP requests? Recursive DNS requests? If not, why not? I don't run any sites anymore, but when I did, unsolicited traffic (traffic not in response to traffic from somebody on my network) was blocked when detected, and remained blocked until somebody inside our boundary complained, and on second occurrence until my management directed me to remove the block. "in response to our traffic" was a situational matter determined by reasonable people on a case by case basis as required. -- "Government big enough to supply everything you need is big enough to take everything you have." Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml