On Thu, Feb 19, 2004 at 11:24:11AM +0000, Brian Candler wrote:
(2) Messages you send publicly (to mailing lists) would normally have the
Return-Path: replaced with the mailing list's own Return-Path:
You do realize that ezmlm-idx archives retain the return-path. I
think you are assuming that mailing list archives are all created by
subscribing the archive user to the list. Well, no. For example,
ezmlm-idx creates archives in place (where the list manager is
located) directly from the posts to the list.
(3) The signature expires after a few days, so even if such addresses could
be harvested, they would not be useful in the longer term, distributed on
CD-ROMs etc.
I thought secrets are changed monthly, and the timestamp is not used
when the hash is applied. This seems to give a full month to play
with the address. Is the gain worth the effort: change usual
bouncehandling, demand some parts of an MTA run setuid, etc?
Do we get more than with dated addresses of TMDA or qconfirm which
work _now_ without requiring the whole internet to switch to them
before they would work?
Mate
--
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html