It appears that Matthew Horsfall (alh) <[email protected]> said: >Is this saying that a message goes through a -> b -> c -> d, d generates a >bounce back up the chain, and b can pretend it was the one generating the >bounce?
Yes. >If so, won't that make debugging bounces so much harder? No. A can see that mail to B bounces, so it can notify the sender or take the address off the list or whatever. The point here is that it is none of A's business what B did with the message. If B wants to do something about its forwarding rules, it can still do so. >*4. 4.2. Sender indications of intent* > >Having a way to indicate "this message will be useless after time X" >> will be useful for things like confirmation codes which have limited >> validity, allowing intermediate systems to return the message if they >> haven't been able to complete delivery by the expiry time. See the Expires header draft. >What is a header stuffing attack? A link to documentation could be useful. Add another Subject: header that isn't covered by the signature but might be shown to a recipient. Depending on who you ask, this is either a critical security vulnerabiity, or an arcane corner case that never happens in practice. R's, John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
