mouss wrote:
> and if a signature is too short (user-part length limitations), then
> it won't take long to break.

But there's no NEED to break it.

Since the recipient has no way of knowing if a sender domain supports
BATV, then a spammer has no need to break the BATV key, unless their AIM
is to cause back-scatter. Since I don't think that's a spammer's aim
(except in the case where they really want to launch a DDoS attack),
then I don't think there would be any incentive to try to break it if
it's non-trivial.

That's fine, as it doesn't seem that the remote server is supposed to
gain any benefit. It's the spoofed domain's MTAs which can gain the
benefit.

> but then why standardize the format? anybody can use "internal
> aliases" of any form (aka disposable addresses).

That's my view as well. A standard return path syntax (e.g.
'batv=<key>=<orig-local-part>@<domain>') is a good idea as it allows the
original local part to be extracted if necessary, but beyond that,
there's no point to a standard format for private keys.
--
Paul Smith
VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows
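
The return-path syntax quoted in the message above, checked on the sending domain's own MTA when a bounce arrives; this is an added example, not code from the thread or from the BATV draft. The truncated HMAC-SHA256 tag, the four-digit day counter, the secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed value, private to the domain
MAX_LOCAL = 64                       # SMTP local-part length limit (RFC 5321)

def _tag(local, domain, day, secret, hexlen):
    # Assumed key layout: 4-digit day counter + truncated HMAC over day and address.
    msg = f"{day:04d}{local}@{domain}".lower().encode()
    return f"{day:04d}" + hmac.new(secret, msg, hashlib.sha256).hexdigest()[:hexlen]

def sign(addr, day, secret=SECRET, hexlen=10):
    """Build batv=<key>=<orig-local-part>@<domain> for an outgoing envelope sender."""
    local, domain = addr.rsplit("@", 1)
    tagged = f"batv={_tag(local, domain, day, secret, hexlen)}={local}"
    if len(tagged) > MAX_LOCAL:
        # The length limit is what pushes implementations towards short tags.
        raise ValueError("tagged local part exceeds 64 octets")
    return f"{tagged}@{domain}"

def check_bounce(rcpt, today, secret=SECRET, hexlen=10, max_age=7):
    """Return (original_address, verdict) for the recipient of an incoming bounce."""
    local, domain = rcpt.rsplit("@", 1)
    parts = local.split("=", 2)          # the original local part may itself contain '='
    if len(parts) != 3 or parts[0].lower() != "batv":
        return rcpt, "untagged"
    _, key, orig = parts
    original = f"{orig}@{domain}"        # recoverable without knowing the secret
    if len(key) != 4 + hexlen or not key[:4].isdecimal():
        return original, "malformed"
    day = int(key[:4])
    expected = _tag(orig, domain, day, secret, hexlen)
    if not hmac.compare_digest(key.encode(), expected.encode()):
        return original, "bad-signature"
    if not 0 <= today - day <= max_age:
        return original, "expired"
    return original, "valid"

if __name__ == "__main__":
    rp = sign("alice@example.org", day=120)   # constructed sample address
    print(rp, check_bounce(rp, today=122))
```

Only the domain that holds the secret can reach the "valid" verdict; any other host can still recover the original address from the fixed syntax, which is the part of the format the message argues is worth standardizing.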