William Herrin bill at
Sun Feb 21 18:05:57 UTC 2010

On Sat, Feb 20, 2010 at 7:10 PM, Joel Jaeggli <joelja at> wrote:
> s/mime detached signatures rooted in some ca that you trust are actually
> a rather good way of identifying the sender.


Unfortunately signatures are more effective at confirming authenticity
than they are at refuting it. Even more unfortunately, refuting
authenticity is vastly more useful in solving the backscatter problem.

The nice thing about SPF is that it offers a practical way to *refute*
the authenticity of claimed senders even when its use is less than

On Sat, Feb 20, 2010 at 5:57 PM, James Hess <mysidia at> wrote:
> Spurious DSNs can
> be discarded easily by the mail server that knows it didn't pass that
> message.


Unfortunately, that's not true. Mailing list software has to use VERP
or similar encodings in the from address to successfully map bounces
back to the message that caused them. For general-purpose email use,
programmaticly mapping bounces back to the original message isn't

On Sat, Feb 20, 2010 at 7:25 PM, Jon Lewis <jlewis at> wrote:
> IMO, the original question in this thread was on-topic, but unfortunately it
> got very little discussion

I like spamhaus, they run a quality list, but they want between $1900
and $19000 per year for their rsync service and you have to tell them
how many email customers you're supporting in order to pay less than
the max. That would be an acceptable price to pay for antispam efforts
overall, but I couldn't afford to pay that for *each* of the dozens of
services spamassassin consults while analyzing a message.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list