mw-list-spf-discuss(_at_)csi(_dot_)hu (mw-list-spf-discuss(_at_)csi(_dot_)hu)
wrote:
You do realize that ezmlm-idx archives retain the return-path. I
think you are assuming that mailing list archives are all created by
subscribing the archive user to the list. Well, no. For example,
ezmlm-idx creates archives in place (where the list manager is
located) directly from the posts to the list.
Can you show an example of such an archive? I haven't seen one yet.
Also, we could politely suggest to the archive owners that they
munge addresses (in both header and envelope) before allowing them
to hit the web.
And in the worst case, spammers can still only use the return-path
addresses for a few days. It's just one more tool we can use to
make their lives harder.
Do we get more than with dated addresses of TMDA or qconfirm which
work _now_ without requiring the whole internet to switch to them
before they would work?
Using SRS (or any other sort of per-outgoing-message envelope sender
rewriting scheme) to protect against forged bounce messages works right
now, and does not require anyone else to "switch" to it.
I looked at TMDA briefly before I came up with my SRS-bounce thingy and
hacked it onto my local qmail installation. It seemed to me that TMDA
didn't do the same thing, and couldn't easily be adopted to do it, so I
didn't use it. Perhaps I overlooked something; I'm certainly fallible.
Hacking SRS to do the same thing was easy once I had the basic idea.
Or at least, it wasn't a herculean task.
--
Greg Wooledge | "Truth belongs to everybody."
greg(_at_)wooledge(_dot_)org | - The Red Hot Chili Peppers
http://wooledge.org/~greg/ |