On Fri, Jul 23, 2004 at 05:28:05PM -0400, Stuart D. Gathman wrote:
>>On Fri, 23 Jul 2004, Kyle Hasselbacher wrote:

>Ahh. I may be unfairly maligning TMDA, the specific product, as opposed to
>the general concept of sending confirmation emails. I had mentioned
>TMDA as part of a general rant about all the unsolicited replies
>and notifications in my mailbox. But if TMDA (the product) sends a DSN
>(Delivery Status Notification) rather than a reply, then it is not
>one of the culprits. DSNs to forged messages are automatically
>blocked by SES without anyone having to check SPF.

You can configure TMDA to send mail from something other than <>, so it's
possible to get a message from it that's not so DSN-like, but that's not
normal. TMDA is really the best of the bunch when it comes to
challenge/response systems.

>> I'm not sure what SES is, so maybe I'm missing something. Can you
>> elaborate?
>
>http://spf.pobox.com/srs.html
>
>SRS (Sender Rewriting Scheme) is a system to make SPF work with forwarding.
>Forwarders rewrite the sender (mail from) in a way that lets them retrieve the
>original sender to forward bounces. The system includes a crypto cookie to
>prevent spammers from using SRS as a new kind of open relay.
>
>As a side benefit, the original sender can apply SRS to outgoing mail, even
>though it is not strictly needed. Any DSNs (bounces, i.e. mail from <>) which
>do not have a valid cookie are then rejected as forgeries. When
>the original sender does this, or uses a similar scheme, it is called SES
>(Signed Envelope Sender). It protects the sender from forged DSNs.

This sounds to me like TMDA's tagged addresses. The envelope sender on my
emails is a dated address like this one:

[EMAIL PROTECTED]

Anyone can send email to it until it expires (at the time encoded in it).
The address itself is signed using a secret on my computer (so it can't be
forged). Bad bounces don't reach me because <> is not on my white list;
good bounces do reach me because they're directed to that (temporarily)
open address.
-- 
Kyle Hasselbacher | Heavy, adj.:
[EMAIL PROTECTED] | Seduced by the chocolate side of the Force.

_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
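An added example, not part of the original message and not TMDA's or SES's actual address format: a sketch of the dated, signed envelope sender described above, where the expiry time is encoded in the address and bound to it by a keyed MAC so a bounce is accepted only at an unexpired, unforged address. The `-dated-` layout, the HMAC-SHA256 tag, the secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; a real key is random and kept private
TAG_LEN = 16                         # hex chars of the MAC kept in the address (assumption)


def _mac(local: str, domain: str, expires: int) -> str:
    # The MAC covers the mailbox, the domain and the expiry, so none can be altered.
    msg = f"{local}|{domain.lower()}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def make_dated_sender(local: str, domain: str, now: int, lifetime: int) -> str:
    """Build an envelope sender that stays open until now + lifetime seconds."""
    expires = now + lifetime
    return f"{local}-dated-{expires}.{_mac(local, domain, expires)}@{domain}"


def check_recipient(rcpt: str, now: int) -> str:
    """Classify the address a bounce was sent to:
    'accept', 'expired', 'forged' or 'untagged'."""
    localpart, _, domain = rcpt.rpartition("@")
    base, sep, tag = localpart.rpartition("-dated-")
    if not sep:
        return "untagged"            # plain address: the whitelist decides, not the tag
    stamp, dot, mac = tag.partition(".")
    if not dot or not (stamp.isascii() and stamp.isdigit()) or len(stamp) > 12:
        return "forged"              # malformed tag is treated like a bad signature
    expected = _mac(base, domain, int(stamp))
    # Constant-time comparison on bytes avoids leaking how much of the tag matched.
    if not hmac.compare_digest(mac.lower().encode(), expected.encode()):
        return "forged"
    # Check expiry only after the MAC, so the timestamp is known to be the sender's own.
    return "accept" if now <= int(stamp) else "expired"
```

Because the expiry is part of the MAC input, a sender who edits the timestamp to reopen an expired address produces a tag mismatch rather than a valid address.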
