On Feb 4, 2004, at 12:01 PM, Mark Foster wrote:
> On Wed, Feb 04, 2004 at 04:34:03PM +0000, Peter Sergeant wrote:
>> It's true that there's no technical way for the *recipient* to verify
>> that you authorized a message. However, I'd say your logic doesn't hold
>
> No, it is not true. Header analysis can reveal whether the relaying hosts'
> sequence & pattern in the Received: headers is consistent with previous
> (bona fide) messages received from the sender.

Except for the last hop, this is all trivially forgeable. SPF works to
tackle this issue in a pretty sound way. I'm surprised that it hasn't
been brought up in this conversation.

George
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
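
The point made in the reply above, as an added example that is not part of the original thread: only the topmost Received: header, written by the receiving MTA, is trusted, and its client IP is checked against the sender domain's SPF record. The message, the SPF record, the hostnames and the function names are constructed for illustration; only the ip4 and all mechanisms are evaluated, and the envelope sender domain is passed in by hand.

```python
import email
import ipaddress
import re

# Constructed sample: the SPF TXT record the sender's domain is assumed to publish.
SPF_RECORDS = {"example.org": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed message. The top Received: line is the one our own MTA added;
# every line below it arrived with the message and can claim anything.
RAW = """\
Received: from mail.example.org (unknown [203.0.113.77])
\tby mx.receiver.test with ESMTP; Wed, 4 Feb 2004 12:05:00 -0500
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby relay.example.org with ESMTP; Wed, 4 Feb 2004 12:04:00 -0500
From: alice@example.org
To: bob@receiver.test
Subject: constructed sample

body
"""

def last_hop_ip(raw):
    """Client IP from the topmost Received: header (the only trusted hop)."""
    received = email.message_from_string(raw).get_all("Received", [])
    if not received:
        return None
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return ipaddress.ip_address(m.group(1)) if m else None

def spf_ip4_check(domain, ip):
    """Evaluate only the ip4 and 'all' mechanisms of the domain's SPF record."""
    record = SPF_RECORDS.get(domain, "")
    if ip is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULT[qualifier]
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return RESULT[qualifier]
    return "neutral"

def evaluate(raw, envelope_domain):
    """SPF result for the hop our own server observed; lower headers are ignored."""
    return spf_ip4_check(envelope_domain, last_hop_ip(raw))
```

For the constructed message, `evaluate(RAW, "example.org")` returns `fail`: the lower Received: line claims an authorized address, but the host that actually connected was 203.0.113.77.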