It has been pointed out that one reason it is difficult to validate
return addresses is that there are legitimate reasons to forge them:
sending mail from work with a home from address and so forth.
Might it be possible to handle this part of the problem by routing
such traffic via the proper "from" place? Obviously the first hop has to
be an authenticated connection so that it isn't an open relay.
So if I want to send mail as, say, lstewart(_at_)acm(_dot_)org, I must send
that message
via an authenticated connection (as lstewart) to acm.org and then when it
gets to its true destination, the from address will not appear to be forged.
In short, if we clean up the way legitimate uses of forged addresses are
handled, then perhaps it will be easier to deny access to the illegitimate
uses. I think the following is due to Heinlein, but I am not sure:
"If you don't know how to solve all of a problem, solve the part of it
that you do know how to solve."
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg