Re: Bounce Address Tag Validation (BATV)2004-05-19 04:06:31Dave Crocker writes: <http://brandenburg.com/specifications/draft-crocker-marid-batv-00-06dc.html> There must be something I've missed. Doesn't the following attack work? 1. Prepare message to be sent in some victim's name. 2. Send the victim some mail calculated to get a response. 3. Wait for the victim's response.4. Quickly use the (opaque) localpart from step 3 to send the message from step 1. Arnt
|
|