spf-discuss
[Top] [All Lists]

SV: SV: Security Paper on forgery bounce DDoS

2004-04-19 03:00:11
If you want to receive all kinds of bouncing messages, you cannot get rid of 
spam. But a vacation message should definitely be sent from a server that 
complies with SPF.

Med venlig hilsen - Best regards
Lars B. Dybdahl, M.Sc.

Phone: +45 45880888

-----Oprindelig meddelelse-----
Fra: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com 
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] På vegne af Tony 
Finch
Sendt: 19. april 2004 11:54
Til: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Emne: Re: SV: [spf-discuss] Security Paper on forgery bounce DDoS

On Mon, 19 Apr 2004, Lars Dybdahl wrote:

- Be able to receive bounces. Cookies in sent e-mails are one way to
ensure, that you only get the correct bounces, so SES might be a
technique here, but CBV is not necessary.

Some legitimate bounces (e.g. vacation messages) don't include the
original message, so cookies in anything other than the reverse path are
not a complete solution.

-- 
Tony Finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/