On Wed, Dec 17, 2003 at 12:36:11PM -0500, Mark E. Mallett wrote:
The missing link in this scenario is the standardized encoding for the
return-path within a return-path.
[ ... ]
With ENVID, the server owning the ID has to either keep some history,
or has to use an algorithm whereby envids can be verified. The first
seems to require more implementation/deployment impact than we're
allowed to consider; the second would seem to provide an abuse path.
OTOH I may simply be confused.
I don't think so (confused ;-).
I have always wondered if, with LMAP, abusing sender domains will become
impossible, will spammers fall back to empty envelope senders, aka
mimiking bounces? How will we solve THAT problem? The first time they
started admin started blocking empty envelope senders and if this will
be widely used again I fear a lot more admins will block "bounces".
However this will solve the problems with return-path rewriting ;/
Otherwise, without tracking, return-path rewriting with routing
information may lead to the same problems we had with
addresses, with the diefference that it now has a form
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
Asrg mailing list