ietf-mxcomp

Re: The forged bounce question

2004-07-30 00:39:46

On Friday 30 July 2004 02:09, Douglas Otis wrote:

Not everyone uses a null RFC 2821 MAIL FROM when they bounce.
Determining a bounce then requires RFC 2822 checks of the From or
Subject headers. This is not a solid basis for rejecting a message
however.  The act of the bounce is best known by the sender, in this
case.

What about the following idea:

- Suppose that our outgoing SMTP servers encode _all_ of their outgoing MAIL 
FROM with SRS, whether or not the message is a forward, and whether or not it 
initially comes from our own domain.

- Now we can reject all "bounces" (MAIL FROM: <>) that we would receive whose 
RCPT TO: wouldn't be a valid SRS address.

Because if this were a legit bounce, then it would be a reply to one of our 
own messages, and would thus go to a valid SRS address.

Looks simple, but what do you think?

-- 
Michel Bouissou <michel(_at_)bouissou(_dot_)net> OpenPGP ID 0xDDE8AC6E
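
The check proposed in the message above, as an added example that is not part of the original post: every outgoing envelope sender is rewritten to a keyed, dated address, and a null-sender message is accepted only when its recipient is such an address. The SRS0-style layout, the SHA-256 tag, the secret, the domain, the age window and all function names are assumptions chosen for illustration, not the format of any real SRS library.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # assumption: per-site signing key
LOCAL_DOMAIN = "example.net"          # assumption: the domain we send from
MAX_AGE_DAYS = 21                     # assumption: how long a bounce stays acceptable


def _tag(day, domain, local):
    """Keyed tag binding the day stamp to the original sender."""
    msg = f"{day}={domain}={local}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8]


def srs_encode(sender, day):
    """Rewrite an envelope sender into an SRS0-style address at LOCAL_DOMAIN."""
    local, domain = sender.rsplit("@", 1)
    return f"SRS0={_tag(day, domain, local)}={day}={domain}={local}@{LOCAL_DOMAIN}"


def srs_valid(rcpt, today):
    """True if rcpt is an unexpired address that srs_encode produced."""
    local_part, _, rcpt_domain = rcpt.rpartition("@")
    if rcpt_domain.lower() != LOCAL_DOMAIN:
        return False
    if not local_part.upper().startswith("SRS0="):
        return False
    # tag, day, domain, original local part (which may itself contain '=')
    fields = local_part[5:].split("=", 3)
    if len(fields) != 4 or not fields[1].isdecimal():
        return False
    tag, day, domain, local = fields
    if not 0 <= today - int(day) <= MAX_AGE_DAYS:
        return False
    expected = _tag(day, domain, local)
    return hmac.compare_digest(tag.lower().encode(), expected.encode())


def accept_rcpt(mail_from, rcpt, today):
    """RCPT-time policy: null-sender mail must target a valid SRS address."""
    if mail_from == "":          # MAIL FROM:<> marks a bounce
        return srs_valid(rcpt, today)
    return True                  # ordinary mail is not affected by this check
```

The day stamp is passed in as an integer day count so the check is deterministic; a server would derive it from the current date.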

