Tony Finch writes:
On Tue, 7 Sep 2004, Michael Thomas wrote:
Perhaps it's not obvious, but the identified mail draft can
also support the functionality you're after here with
BATV. It's essentially a matter of inspecting the bounce at
the purported home of the bounce of the bounced message
itself and doing the normal anti-forgery KRS check.
Inspecting the body of the bounce is not sufficient, because there are
bounce-like messages such as vacation notices which do not include any of
the original message, but which you still want to receive. It is also
cheaper to detect backscatter at envelope time, and it has the
side-benefit of working well with callback verification.
To the degree that you don't include original text, is the
degree that you are subject to cut and paste attacks. This
is true for all signing proposals, but simply cutting out
the bounce verifier and adding your spam body is an attack
vector.
And I think that things that don't include any of the text
should be treated like... a fresh message. Which means that
the vacation program owner should sign its messages. Since
it's not relaying potentially spamful text, I don't see how
this raises to the level of the bounce reflection attack
which takes advantage of that property.
Mike