Les Mikesell wrote: > On Mon, 2004-08-09 at 15:54, Kelson Vibber wrote: >> At 01:17 PM 8/9/2004, Les Mikesell wrote: >>> So SPF is going to be painful until everyone uses it and then >>> it still won't solve the real problem. >> >> Floods of invalid bounces from forged addresses aren't a problem? > > It's not the first thing that comes to mind when I think > of email problems.
I agree that invalid bounces from forged addresses aren't really a blip
on the scale of email problems. Also they can easily be solved using
existing technology - just have every organization push their "valid
user" list to the mail servers on their network boundary. Then the mail
will be rejected at RCPT TO time, with no undeliverable message
generated. (The ratware and spamware won't generate an undeliverable
message when faced with a 550 No such user.)
> Even if it were, I'd want to solve it
> for the entire address, not just the domain portion. Can't
> someone still forge the user name as long as the domain
> name is correct for the originating IP address or will that
> take yet another change in all MTA's to enforce before this one is
> very useful?
Huh? No. For someone to forge the username, they'd have to be in the
list of SPF-authenticated senders, in which case it's not really
forgery.
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
