At 12:19 15-11-2007, Douglas Otis wrote:
Only to HTTP servers located within the "_tbr." subdomain. This will
not impact other websites. In addition, fairly straight forward
anti- abuse measures can be applied, and are recommended in the draft.
Some sites may use the same infrastructure to host their other web
services. That angle may have to be explored further.
5) protect valid email-address confidentiality
See Section 7.6 of RFC 2821 about information disclosure in message
forwarding.
This was not the concern. An attempt to send to an invalid recipient
is likely to return an error which may indicate their non-existence.
When a message is forwarded, the sender doesn't know the final
recipient. I was pointing out at disclosure of information about the
final recipient.
A side-effect of using SPF for the first part above is that sender
address rewrite generally suggested as a solution for forwarding
doesn't fit into TBR.
Regards,
-sm