spf-discuss

Re: the inevitability of SRS

2004-01-13 19:44:09

On Jan 13, 2004, at 6:21 PM, Philip Gladstone wrote:

> I'm not sure that you can do this. In particular, E cannot know whether the previous entry had the correct hash or not. I think that the only solution is to use a database to perform the mapping. I'd be inclined to HMAC the sender using a secret key. Then just send the message on with bounce-<hash> as the sender. You need to store the mapping from hash to sender in a database, along with some timeouts. I'm not entirely certain why we should use an HMAC rather than a hash, but it seems to provide a little extra security for very little extra cost.

I am considering how to implement SRS in my forwarder as well. The disadvantage of not including the original sender is that you make it impossible for the recipient to usefully filter on the envelope sender.


 - ask

--
http://www.askbjoernhansen.com/
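
The database-backed scheme quoted above (HMAC the sender, forward as bounce-<hash>, keep a hash-to-sender mapping with a timeout), sketched as an added example that is not code from either poster or from any SRS implementation. The key, the domain `forwarder.example`, the one-week lifetime, the 20-hex-digit tag and the in-memory dict standing in for the database are all assumptions.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"    # assumption: per-forwarder secret
TTL_SECONDS = 7 * 24 * 3600             # assumption: mapping lifetime
FORWARDER_DOMAIN = "forwarder.example"  # assumption: the forwarder's domain


class BounceMap:
    """Maps bounce-<hash> addresses back to the original envelope sender."""

    def __init__(self, key=SECRET_KEY, ttl=TTL_SECONDS):
        self._key = key
        self._ttl = ttl
        self._db = {}  # tag -> (sender, expiry); stands in for the database

    def _tag(self, sender):
        # Keyed hash: without the key, the tag for a known sender
        # cannot be computed by someone outside the forwarder.
        mac = hmac.new(self._key, sender.lower().encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:20]

    def rewrite(self, sender, now=None):
        """Record the mapping and return the envelope sender to forward with."""
        now = time.time() if now is None else now
        tag = self._tag(sender)
        self._db[tag] = (sender, now + self._ttl)
        return f"bounce-{tag}@{FORWARDER_DOMAIN}"

    def resolve(self, rcpt, now=None):
        """Return the original sender for a bounce address, or None."""
        now = time.time() if now is None else now
        local, _, domain = rcpt.rpartition("@")
        if domain.lower() != FORWARDER_DOMAIN or not local.startswith("bounce-"):
            return None
        tag = local[len("bounce-"):].lower()
        entry = self._db.get(tag)
        if entry is None:
            return None          # unknown tag: never issued by this forwarder
        sender, expiry = entry
        if now >= expiry:
            del self._db[tag]    # timed out: drop the mapping
            return None
        return sender
```

The rewritten address carries only the tag, so the original sender is not visible in the envelope, which is the filtering drawback raised in the reply.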

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt