On Sun, 6 Mar 2005, Bruce Lilly wrote:
On Fri March 4 2005 16:11, Keith Moore wrote:
I should clarify that by "unauthorized mail" I meant sending a message
using MAIL FROM:<address> and/or From:<address> without having the
authorization of the party associated with <address>.
There's simply no way to detect that situation in current
protocols.
That's true in general. However a site can implement a policy such as
"return paths must contain a security tag" (e.g. as specified in BATV)
which allows that site to distinguish between authorized and unauthorized
use of an address in a return path. At the moment the extent of the
interoperability issues with this idea has not yet been examined in
detail.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
LANDS END TO ST DAVIDS HEAD INCLUDING THE BRISTOL CHANNEL: NORTHEAST BACKING
NORTH OR NORTHWEST 3 OR 4, OCCASIONALLY 5 LATER IN WEST. FAIR. GOOD. SLIGHT.