Steve Atkins wrote:
Also, if the failure mode is that the original sender of the email can cause
feedback loop reports to be sent to any email address they like there aren't
many real concerns.
You're assuming that only the UA would generate ARFs. I can envisage a
situation where BOTs caught at the front end MTAs could be sent. MTAs
doing it would be instant death on a forged target, even if the MTAs
hard rate limited (think backscatter bomb). It could also be instant
death on a non-forged target, but they're more likely to be able to
handle it.
Then there's Joe Jobs. Not necessarily so much with source IPs, but
with, say, web site payloads getting falsely accused.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg