On Wed, Aug 27, 2003 at 01:35:12PM +0200, Tore Anderson wrote: > with is that the C-R system in question ignores the fact that SMTP > headers are trivially (and regulary) forged. I believe this is deliberate, > and that TMDA does not attempt to verify that the recipient of the > challenge truly was the sender of the original e-mail. (If it did, I > would have no problem with it at all.)
You do realise that all parts of SMTP are generally completely unauthenticated and can be trivially forged? A system like this has no option but to work with unauthenticated data. -- "You grabbed my hand and we fell into it, like a daydream - or a fever."