On Wed, May 07, 2003 at 07:43:10AM -0700, Daniel Erat wrote:
I understand why RMX is not able to examine RFC 822 headers. My point
was that RMX does nothing to curtail the sending of messages with
forged 822 From: addresses. Since this is the only sender address
that most users see, and the address that replies go to (in absence of
a Reply-To: or related header), I disagree with the assertion that
this is not a severe problem.
Well, RMX could be used to verify the From: address as well.
Feel free to ask your MTA to do another RMX lookup after
receiving the message body (and before sending the reply code).
If you like it, you can do it.
My point is not, that RMX would not be able to provide that
kind of security. It could.
My point is that this kind of security is something you certainly
do not really want to have in some cases. But if you really want,
feel free to use it for the From: address.
Hadmut
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg