Today, Stephen Zander <gibreel@debian.org> wrote:
>>>>>> "Jan" == Jan Niehusmann <jan@debian.org> writes:
>
> Jan> Time will tell. I fear that some day, the only way to use
> Jan> email productively is to block all email with invalid sender
> Jan> addresses. And I don't know a way to validate a (not yet
> Jan> known) address but to try it and send a reply. If you
> Jan> combine that with some autoresponders on both ends, no human
> Jan> interaction would be needed, so annoyance should go down.
>
> The above is based on the false premise that those who send spam are
> incapable of sending it with (forged) real email addresses. They
> already have lots of them to choose from.

Right. I just thought up a scheme to exploit this, based on the fake
source-IP address approach you find in descriptions of ping-floods.

a) Spammer finds an autoresponder
b) Spammer sends many mails with Reply-To: header chosen from a
   known-to-work address list
c) Reply-To:ed people receive the bounced mail and are annoyed.

So, one's selfishness (by using such spam "filtering" approaches) can be
used against the person running the filter. If the filter is configured
so that it doesn't send the Received: lines, it actually acts as a
pseudo-anonymising relay.

Thus, my conclusion: These things are evil. Don't use them or somebody
might use them against you, eventually.

-- 
Andreas Fuchs, <asf@acm.org>, asf@jabber.at, antifuchs
Hail RMS! Hail Cthulhu! Hail Eris! All hail Discordia!
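
The reflection described in steps (a) to (c) above, seen from the side of whoever runs the autoresponder, as an added example that is not part of the original message: a guard that answers only the envelope sender, refuses mail whose Reply-To: names someone else, and caps automatic replies per sender. The function names, the one-reply policy and the example.* addresses are assumptions, and because the envelope sender can be forged as well, the cap limits the reflection rather than removing it.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

MAX_REPLIES_PER_SENDER = 1  # assumed policy: one automatic reply per sender


def triage(raw, envelope_sender, sent):
    """Decide whether an autoresponder may answer; return (decision, target)."""
    msg = message_from_string(raw)
    env = envelope_sender.strip().lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if not env:
        # Bounces carry an empty envelope sender; answering them loops mail.
        return ("suppress: null envelope sender", None)
    if auto != "no":
        return ("suppress: automatic message", None)
    if reply_to and reply_to != env:
        # Step (b) of the scheme: Reply-To: names a third party.
        return ("suppress: Reply-To differs from envelope sender", None)
    if sent[env] >= MAX_REPLIES_PER_SENDER:
        return ("suppress: rate limit", None)
    sent[env] += 1
    return ("send", env)  # answer the envelope sender, never Reply-To:


# Constructed sample traffic: (envelope sender, raw message).
SAMPLES = [
    ("a@example.org", "From: a@example.org\nSubject: hi\n\nhello\n"),
    ("x@example.net", "From: x@example.net\nReply-To: victim1@example.com\n\nbuy\n"),
    ("x@example.net", "From: x@example.net\nReply-To: victim2@example.com\n\nbuy\n"),
    ("a@example.org", "From: a@example.org\nSubject: again\n\nhello\n"),
    ("", "From: MAILER-DAEMON@example.org\nAuto-Submitted: auto-replied\n\nbounce\n"),
]


def run_samples():
    """Run the constructed traffic through one autoresponder instance."""
    sent = Counter()
    return [triage(raw, env, sent) for env, raw in SAMPLES]


if __name__ == "__main__":
    for decision, target in run_samples():
        print(decision, target)
```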