At 06:32 PM 10/28/97 -0500, Jay R. Ashworth wrote:
Indeed. As we noted last month on the topic of ingress filtering, you have to catch this stuff on the _intake_ side, to have any real hope of spotting the offenders.
Back to sender verification (equivalent of caller ID).
This would allow better reporting of AUP violations to the sending domain from the receiving domain. Logs could be used to document the violation.
there is provision for sender verification in the exim MTA (a drop in sendmail replacement that a lot of people are starting to switch to.) i used it for a while, but it's overly sensitive to sluggish and/or malconfigured DNS in its current form, so i had to turn it off to avoid complaints about legitmate business related email getting canned by administrative prohibition. the verification only assured that the domain in the helo was legit, and the domain in the mail from: was legit; it didn't do anything useful for spammers with addresses like 12345678@aol.com, unfortunately. sigh, richard -- Richard Welty Chief Internet Engineer, INet Solutions welty@inet-solutions.net http://www.inet-solutions.net/~welty/ 888-311-INET