ietf-mxcomp
[Top] [All Lists]

Re: The forged bounce question

2004-07-30 07:19:41


----- Original Message ----- 
From: "Michel Bouissou" <michel(_at_)bouissou(_dot_)net>
To: "IETF MARID WG" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Friday, July 30, 2004 3:39 AM
Subject: Re: The forged bounce question

What about the following idea :

- Suppose that our outgoing SMTP servers encode _all_ of their outgoing
MAIL
FROM with SRS,

The trick is to encode SOMETHING into the 2821.MAILFROM.    MUA/MTAs that
don't know the 'secret' can't forge the MAILFROM.   Take your pick of
encodings BATV/SES/SRS/whatever.

This argument is orthogonal to 2822 identity checking.    Those method do
not need to use the LHS of the 2821.MAILFROM.  Both methods should work fine
in tandom.

-Sam





<Prev in Thread] Current Thread [Next in Thread>