Paul Robinson writes:
On Tue, Feb 03, 2004 at 07:34:32AM -0500, Hector Santos wrote:
People are not going to spoof message-id, well, I don't see a reason
for it because you can already create unique ids.
They will for DoS reasons. If I can make your mail server think that
every messages it's going to see for the next 24 hours is a
duplicate, don't you think if I was Very Evil (tm), I might try?
So make the new message-id a 160-bit localpart followed by an IPv6
address. Anyone wanting to DoS away an SHA-1 hash is welcome to try.
(The message-id of this message is an MD-5 hash of the contents. Look at
it - it's not that long.)
Arnt