spf-discuss

Re: Re: SPF+SRS vs. BATV

2005-07-05 06:28:16
On Tue, 5 Jul 2005, David Woodhouse wrote:

The point is that [an envelope signing system like BATV or SES] only needs to
be done within one mail cluster and the users of that system will benefit
from it. It doesn't depend on flawed assumptions about the way the world
operates, and no co-operation from third parties is required to make its
assumptions come true.

Hence the term 'unilateral'.

Yes, BATV and similar signing schemes are a valuable tool that I also use to
great effect.

now gets blocked), and how much of it does not (and does not). On the
rare occasion that I receive a 'bounce' with non-empty reverse-path, I
report that as serious mail abuse to the upstream network provider.

Unfortunately, 'bounces' with non-empty reverse-path exceed RFC compliant
bounces at my MTAs.  The usual culprit is $^%&$#*# Winduhs virus
scanning software.  The only bright side is that despite the thousands
of brands of defective scanners out there, their styles are quickly
learned by the Bayesian content filter and discarded.

BATV can only block (some) bounces hitting the forged sender.

Not correct. Try sending forged MAIL FROM:<dwmw2(_at_)infradead(_dot_)org> to a
sourceforge.net mail host, for example. Note that the admins of
sourceforge.net did nothing in particular to achieve this, and their
system started rejecting that faked mail from the moment I implemented
BATV for myself.

The admins did do something, they implemented some form of callback
validation.  I also do CBV, and will reject forgeries of your
domain.  However, I only do so after thousands of forgeries have been
screened down to dozens.  The callbacks from millions of forged emails
can be (and are, in my case) an unwelcome load on your MX.  SPF works
side by side with BATV and SES (and SRS used in self-signing mode) to stop
the forgery sooner for those mail receivers who are able to check SPF
and reject fails (because they have a handle on their forwarding).

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
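
Added example, not part of the original message or of any BATV implementation: a sketch of the RCPT-time check that makes a receiver's callback for a forged, unsigned sender fail at the signing domain, as discussed above. The tag layout (`prvs=KDDDSSSSSS=local@domain`, HMAC-SHA1 truncated to six hex digits), the key, the lifetime, the day number and the `example.org` addresses are assumptions of this example.

```python
import hashlib
import hmac
from typing import Optional

KEY = b"constructed-demo-key"   # constructed secret, known only to the signing cluster
LIFETIME_DAYS = 7               # assumed validity window for a signed address

def _mac(expiry: int, addr: str) -> bytes:
    """Six hex digits of HMAC-SHA1 over key number, expiry day and the address."""
    msg = f"0{expiry:03d}{addr.lower()}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:6].encode()

def sign(addr: str, today: int) -> str:
    """Rewrite an outgoing envelope sender; today is a day number (days since epoch)."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs=0{expiry:03d}{_mac(expiry, addr).decode()}={addr}"

def verify(rcpt: str, today: int) -> Optional[str]:
    """Return the original address if rcpt carries a valid, unexpired tag."""
    if not rcpt.lower().startswith("prvs="):
        return None
    tag, sep, addr = rcpt[5:].partition("=")
    if not sep or len(tag) != 10 or tag[0] != "0" or not tag[1:4].isdigit():
        return None
    expiry = int(tag[1:4])
    # Day numbers wrap at 1000, so compare modulo 1000.
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return None
    if not hmac.compare_digest(tag[4:].lower().encode(), _mac(expiry, addr)):
        return None
    return addr

def rcpt_decision(mail_from: str, rcpt: str, today: int) -> str:
    """Policy for a domain that signs every envelope sender it emits."""
    # Null reverse-path means a bounce or a callback probe. Either one must be
    # addressed to a signed sender, because this domain never sends unsigned.
    if mail_from == "" and verify(rcpt, today) is None:
        return "550 bounce or callback for an address we did not sign"
    return "250 OK"

if __name__ == "__main__":
    today = 12969                                           # constructed day number
    signed = sign("user@example.org", today)
    print(rcpt_decision("", signed, today))                 # genuine bounce
    print(rcpt_decision("", "user@example.org", today))     # callback for a forgery
```

Note that each such 550 still costs the signing domain an SMTP transaction per callback, which is the MX load the message describes.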

