[Top] [All Lists]

Re: forged bounces, was [Asrg] A CAPTCHA that automatically

2005-06-03 21:55:51
I do not know the details of either.  But, speaking as an implementer,
I would much prefer to be tasked with implementing something basically
stateless like Domain Keys than anything requiring saving any
information about sent mail and feeding it forward to assist with
incoming bounce handling.

That's exactly the point.  DK, or any other signature system, puts
all of the message's state in the message itself, so the sending
host can then forget about it.  Anything that requires that the
sending host remember all the mail it's sent adds vast complication.
As Mark D. pointed out, for large domains like Yahoo not only are
there many sending hosts, but they can be spread around the world.


Asrg mailing list