At 08:29 -0400 on 05/02/2007, David F. Skoll wrote about Re: OT
Brainstorm: Email Validation among different system:
Hector Santos wrote:
My point here is simply that a professional AVS email security service
bureau will most likely have and offer (if they want the business) a
"interface" specification such as http://www.virtualconnect.net which
allows the operator to update their list of valid users via an email
automated fashion.
Ponder the security risks of such an implementation.
PKI Sign and Encrypt the message body/list of addresses. Since the
list is going to end up in an automated process, the need to do the
decryption and signature verification is not that big an issue to
build in. The Signature validates the list while the encryption
protects the addresses themselves from interception of the message.