[Top] [All Lists]

Re: BATV pseudo-Last Call

2008-05-20 06:57:32

mouss wrote:
and if a signature is too short (user-part length limitations), then it won't take long to break.
But there's no NEED to break it.

Since the recipient has no way of knowing if a sender domain supports BATV, then a spammer has no need to break the BATV key, unless their AIM is to cause back-scatter. Since I don't think that's a spammer's aim (except in the case where they really want to launch a DDoS attack), then I don't think there would be any incentive to try to break it if it's non-trivial.

That's fine, as it doesn't seem that the remote server is supposed to gain any benefit. It's the spoofed domain's MTAs which can gain the benefit.
but then why standardize the format? anybody can use "internal aliases" of any form (aka disposable addresses).
That's my view as well. A standard return path syntax (eg 'batv=<key>=<orig-local-part>@<domain>') is a good idea as it allows the original local part to be extracted if necessary, but beyond that, there's no point to a standard format for private keys.

Paul Smith

VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows

<Prev in Thread] Current Thread [Next in Thread>