Les Mikesell wrote: > On Mon, 2004-08-09 at 15:54, Kelson Vibber wrote: >> At 01:17 PM 8/9/2004, Les Mikesell wrote: >>> So SPF is going to be painful until everyone uses it and then >>> it still won't solve the real problem. >> >> Floods of invalid bounces from forged addresses aren't a problem? > > It's not the first thing that comes to mind when I think > of email problems.
I agree that invalid bounces from forged addresses aren't really a blip on the scale of email problems. Also they can easily be solved using existing technology - just have every organization push their "valid user" list to the mail servers on their network boundary. Then the mail will be rejected at RCPT TO time, with no undeliverable message generated. (The ratware and spamware won't generate an undeliverable message when faced with a 550 No such user.) > Even if it were, I'd want to solve it > for the entire address, not just the domain portion. Can't > someone still forge the user name as long as the domain > name is correct for the originating IP address or will that > take yet another change in all MTA's to enforce before this one is > very useful? Huh? No. For someone to forge the username, they'd have to be in the list of SPF-authenticated senders, in which case it's not really forgery. [EMAIL PROTECTED] 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang