On Mon, 7 Apr 2003 07:00:17 -0400 (EDT)
Daniel Feenberg <feenberg(_at_)nber(_dot_)org> wrote:
On 6 Apr 2003, wayne wrote:
Could the receiving MTA, when it must send a DSN, restrict itself to
connecting to the connecting MTA or one of its MXs? In that case a
forged envelope from would typically result in a "relay denied" rather
than sending the DSN to an innocent third party. If the envelope from
was in a domain that the connecting MX serviced, presumably it would
accept and deliver the DSN. If the spammer forged addresses in the
scope of the connecting MTA, the DSN would still go through, of
course, but the burden would be on the "legitimate" users of the MTA,
which would encourage relays to be closed and spammer's accounts to be
canceled.
While not making it impossible, this gets interesting when a message
transits a secondary MX. Something has to track the originating
domain/MX for the transaction -- which in turn either exposes that
tracking to spammer forgery, or suggests that a new/different/custom
transport protocol be used between MX levels which is different than is
used for base message transfer.
--
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
claw(_at_)kanga(_dot_)nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg