wayne wrote:
In <406753EF(_dot_)3060304(_at_)solidmatrix(_dot_)com> Yakov Shafranovich
<research(_at_)solidmatrix(_dot_)com> writes:
My problem with all of these is that each identity in question
addresses a different problem, and my question is whether this
mechanism, MARID, is the right tool for solving these three
problems. I.e.:
1. 2821 HELO/EHLO domain and in-addr.arpa
Goal: Seeks to provide protection against hijacked machines sending
viruses/spam
Actually, my goal in RFC2821 HELO domain checking is to keep that
domain out of the Received: headers. This is a case of "a little
knowledge is a dangerous thing." People often know enough to know of
the existance of Received headers, but correctly parsing them is
non-trivial.
I've said this before on this list several times, but the funny thing
is that just today, I got fooled by a bogus Received: header.
The goal of attacking hijacked machines is stated in the introduction of
the DRIP proposal.
Yakov