ietf-asrg
[Top] [All Lists]

[Asrg] small correction re identifying bounced mail

2005-01-09 02:51:48
Seth responded thus:
for a sufficiently large ISP (think AOL, or a cable modem business),
keeping track of the tuples of <sender, recipient> for any length of time
will require a _substantial_ database infrastructure.

> Under 1K of data.  Remembering stuff is doing it the hard way.  Create
> the lhs of the Message-ID signed with a private key that changes
> daily.  If the "response" doesn't have one you could have generated
> recently, it's bogus.

Just to clarify, you should use here a MAC (Message authentication code, e.g. HMAC), not a public-private key signature scheme (e.g. RSA), to ensure validation is efficient. I am sure this is what Seth meant but I thought clarifying can't hurt.

Of course, as others noted, this does not help if the original message went thru a different MTA (e.g. road warrior, home vs. office), unless done by the client sw itself.

Best, Amir Herzberg
http://AmirHerzberg.com


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


<Prev in Thread] Current Thread [Next in Thread>
  • [Asrg] small correction re identifying bounced mail, Amir Herzberg <=