On Thu, Feb 19, 2004 at 10:11:39AM -0600, mw-list-spf-discuss(_at_)csi(_dot_)hu
wrote:
On Tue, Feb 17, 2004 at 01:42:32PM +0000, Brian Candler wrote:
I can't see any solution to this apart from having a message signature or
cookie which lets me prove that an incoming bounce was in response to a
message I sent. Such a cookie could go:
(1) in the envelope-sender address (VERP)
This is what ezmlm does for subscription verification. Envelope is
much more efficient to deal with. In case of qmail, all envelope info
is recorded in environment variables.
(2) in a message header, although this relies on the bouncing MTA quoting
back at least the headers of the message it is bouncing, which not all
MTAs do [and certainly not all are RFC 3462 compliant].
This requires much more work because it requires parsing DATA.
Very minor difference I would say. CPU cycles are cheap, and for most of us
so is bandwidth. Even where it isn't (e.g. in a developing-country ISP), I'd
say web traffic by far swamps incoming E-mail bounce traffic by volume.
VERP is good too, but there are some real-world interoperability issues I've
seen reported here and elsewhere.
Regards,
Brian.