On Fri, 31 Dec 2004, Jeremy Harris wrote:
> Suresh Ramasubramanian wrote:
> > Verizon does sender verify callbacks (which really should die),
> ^^^^^^^^^^^^^^^^^^^^^^^
Verizon are peculiar in that they do their callouts with a non-null
envelope sender.
> I don't agree. I'm happy to absorb the cost of people doing
> callbacks against me.
I feel the same, as long as the scale of it is such that it doesn't
constitute a DoS attack against us.
Unfortunately, Suresh seems to be in the position that their domains
are relentlessly faked by spammers, and callbacks really -are-
effecting a DoS attack against their systems. So it's understandable
that they are sensitive about callouts.
Curiously: if everyone practiced callouts, and everyone responded
usefully to callouts, then the spammers would have to stop faking
false addresses, and the cost of callouts would fall away.
We use callouts on a selective basis, and it produces some useful
results for us; but I'm very conscious that it doesn't really scale -
unless and until pratically everyone decides to do it and support it -
but, realistically, that's not going to happen.
And if it /did/ happen, unfortunately, the consequence would be that
spammers would fake genuine addresses instead - the consequences of
which are even more harmful.
