In article <32db9480-1666-d007-4d83-976d891e2...@linuxmagic.com> you write: >> It's not really wise to use non-obfuscated return paths when using >> VERP. If it's easily decodable, a goofball could spin up fake ones to >> try to get 'em logged as legitimate bounces and inhibit future >> delivery of certain messages to certain recipients. Is it >> common/likely?
That seems quite a stretch. Has it ever happened in the history of the Internet? If I wanted to harass someone by mail I can think of about a million better ways to do it. You'd need a lot of detailed knowledge about a particular mailer to spoof bounce someone off their lists, and then it'd just be that mailer, or as likely as not just one list. If you really thought that was a problem, you could put a two letter checksum into the VERP along the lines of BATV. >IMHO, using VERP for a confirmed double-optin mailing lists can be >understandable, but in that case, the list itself is very specific. >But even then, a non VERP MAIL FROM is much preferable.. >(eg Return-Path: <mailop-boun...@mailop.org> ) Preferable for what? VERP makes it much easier to figure out what address is causing the bounces so if there's enough of them you know who to remove. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
