Meander - from "penny black" back to TCB protections

Victor.Duchovni at Victor.Duchovni at
Fri Jan 2 10:40:29 EST 2004

On Thu, 1 Jan 2004, Ed Reed wrote:

> I'm curious, Victor - do you use any functions to verify that the
> sender's
> email address is "live" to insure that a valid "reply" is possible?

No, this is not known to scale well to large sites. Also widespread
adoption of sender verification encourages joe-jobbing, for the victim the
torrent of spam bounces and abuse complaints are worse than spam (one of
my users was getting 10000 messages for a while...).

A high quality open proxy/open relay RBL combined with a good spam
detector (Spam Assasin or a commercial offering) are good enough in

A lot of the damage to email infrastructure associated with spam is caused
by misguided spam-fighters, rather than spam itself.

I am waiting for the law to be enforced, not for CPU waste proofs.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list