GrayHat wrote: >> I'm more or less thinking out-loud about ideas of things to do with > I'm thinking out-loud as well, I find it useful when it comes to > exploring > ideas :) anyways.... let's try an example > > you send out an email from [EMAIL PROTECTED] through your ASSP > > Your ASSP picks the email address and generates a "salted" > checksum (e.g. MD5); the salt will come from a configurable > field in ASSP > > The hash is then used to generate a "prefixed" mail address > like e.g. [EMAIL PROTECTED] > or may just use SRS to create the "mangled" address (either > option should work) > > the mail is now sent using the above address; when another > email will come back to such an address, ASSP will strip the > hash, verify it, and -if valid- forward the mail to the "stripped" > mail address that is [EMAIL PROTECTED] in the above example > > as long as the salted-hash won't change, the idea won't break > whitelisting mechanisms; although, as I already wrote there may > be some other issue to solve > > But that doesn't address the remote site whitelist issue. If you're usually sending from "[EMAIL PROTECTED]", and now a message sent to "[EMAIL PROTECTED]" is addressed from "[EMAIL PROTECTED]" - won't that break the remote-side's whitelisting if it's based on address only, not domain (since we're talking about communicating with non-ASSP hosts)?
-- Daniel ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
