It appears that Viktor Dukhovni <ietf-smtp(_at_)ietf(_dot_)org> said:
In particular, it is not unreasonable for the LDA to record an encoded
HMAC of the recipient address in the localpart, thereby making more
difficult abuse of "Delivered-To:" to elicit bounces of the message to
the purported envelope sender (because it is then harder for the
attacker to predict the magic "Delivered-To:" value).
Huh, interesting point. Do you know of an LDAs that actually do that? If so
we should
add it to the description of the existing practice if we do a draft.
When I look at Postfix and qmail, they both appear to use the plaintext
locally rewritten recipient address, which may not make much sense to
software other than the MTA.
R's,
John
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp