Re: Spam ... that discussion has been way to long. Hasn't it?

mark@unicorn.com
Mon, 8 Feb 1999 02:54:27 -0800 (PST)

Michael S. Lorrey [retroman@together.net] wrote:
>Yes. Please. However, why can't mail servers that the recipient belongs to
>merely check the validity of the emails header addresses and origins of
>every message, bouncing the ones that look specious?

Numerous sites do this, and it's annoying as hell because they bounce a huge number of perfectly legitimate messages... while letting most spam straight through. Many virtual domains (e.g. unicorn.com) fail their overzealous tests, and there are various people out there who can't subscribe to the mailing lists I run because their ISPs bounce my mail.

But even if it could work, there are numerous problems:

  1. It might be spam anyway, why do you think that making spammers put a verified email address on their message will stop them?
  2. It might be spam sent through a remailer.
  3. It might be spam sent from a throwaway dialup account.
  4. It might be spam sent with a perfectly legitimate but fake email address.

Number 4 is possible the worst problem. Most of the patches just check that the email address is a valid one; so it just encourages spammers to send out email with fake headers containing real addresses that they've found on Usenet and the Web rather than totally false headers.

In summary, address verification of this kind is pointless, counterproductive and will never stop spam; I really wish people would stop pushing for it. Digital signature verification at the individual user level for people you regularly communicate with is certainly a good idea... system-level blocking of people you might want to hear from is not.

Mark