On Sat, Nov 22, 2003 at 04:03:44PM -0800, Russ Allbery wrote:
Kai Henningsen <kaih(_at_)khms(_dot_)westfalen(_dot_)de> writes:
Personally, I think we should investigate having those filters available
as a general tool, not just an anti-spam filter.
An interesting question would be "how do I determine if a given DSN is for
mail that I've personally sent?" An MUA that can answer that question and
filter out DSNs that aren't for mail that I've sent would be very useful,
although in some cases it's necessary to reject the mail at the SMTP level
due to the sheer level of traffic when widespread forgery is happening.
In ESMTP framework (DSN to be exact), we have this ENVID= thingie.
Having a database of sent ENVIDs makes it simple to weed out forgeries.
Having limited lifetime (up to a month or two) would limit even replay-
forgeries.
Of course when an ENVID contained message is sent to a system without DSN
support, you get (or don't get, depending on NOTIFY= parameter) info
about such relaying, and you won't get DSNs with ENVIDs thereafter.
--
Russ Allbery (rra(_at_)stanford(_dot_)edu)
<http://www.eyrie.org/~eagle/>
--
/Matti Aarnio <mea(_at_)nic(_dot_)funet(_dot_)fi>