I'm not saying it's a solution for all problems but that lets-say-for-example, AOL probally gets a lot of mail with forged yahoo,hotmail, btamail.net.cn or smiliar MAIL FROM:<>'s Lets say AOL, hotmail, yahoo all today had a way they could say "we would like to cooperate in validating source addresses as at least somewhat more valid than today" and had a mechanisim to do this with a patch to sendmail/qmail/postfix/zmailer. This would allow for while a few extra commands and bytes per smtp-transaction the ability to authenticate such data. You could also then start keeping statistics and rate-limit the callback mechanisim. AOL (and i'm sure others) have done "so, you want to bulk-mail aol users, sign here". Including this ability to increase customer satisfaction is in all ISPS interest today. - jared http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020820/ap_wo_en_po/fea_us_spammed_war_of_attrition_1 On Wed, Aug 21, 2002 at 04:17:53PM -0400, Valdis.Kletnieks@vt.edu wrote:
On Wed, 21 Aug 2002 15:51:36 EDT, Jared Mauch said:
i do think some sort of smtp-callback would be nice/useful for validation of e-mail addresses. it'll make it so the bounces go to someplace at least instead of Postmaster.
The fact that you can call back in no way means that bounces won't double-bounce into the postmaster mailbox. I'm sure that yahoo.com would buy into a callback scheme, but it wouldn;t have done squat for this double-bounce:
----- Transcript of session follows ----- ... while talking to mx1.mail.yahoo.com.:
DATA <<< 554 delivery error: dd Sorry, your message to xxxxxxxx@yahoo.com cannot be delivered. This account is over quota. - mta461.mail.yahoo.com 554 5.0.0 Service unavailable
(OK, so THIS double-bounce was a W32/Klez-H generated one, but I get enough of the same thing for spam with a Yahoo return adress). -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.