[Top] [All Lists]

Re: forged bounces, was [Asrg] A CAPTCHA that automatically

2005-06-03 22:05:23

On Fri, 4 Jun 2005, John Levine wrote:

I do not know the details of either.  But, speaking as an implementer,
I would much prefer to be tasked with implementing something basically
stateless like Domain Keys than anything requiring saving any
information about sent mail and feeding it forward to assist with
incoming bounce handling.

That's exactly the point.  DK, or any other signature system, puts
all of the message's state in the message itself, so the sending
host can then forget about it.  Anything that requires that the
sending host remember all the mail it's sent adds vast complication.

This is exactly the problem with SES and why I told them its not workable
large-scale, although otherwise its good idea.

BTW - the same is also true for BATV (in fact the technologies are really identical except SES allows for public dns verification server and BATV its all private).

William Leibzon
Elan Networks

Asrg mailing list