spf-discuss

Re: Whitelists instead of SRS

2004-04-21 21:52:40

On Apr 22, 2004, at 12:44 AM, Mark Shewmaker wrote:

> Let me modify and reposition my previous suggestion:  I would suggest
> that whitelists are a better solution to handling forwarding than SRS.
>
> As a user, I would like to be able to have a ~/.trusted-forwarders file
> such as:
>
>   user(_at_)forwarder(_dot_)com
>   @my_employer.com
>
>   include:trusted-forwarders.org
>   include:good_friend(_at_)isp(_dot_)com
>   include:~myfriend/group-trusted-forwarder-list
>
>   options:-all

How do we handle the case when a trusted forwarder is compromised?

That requires a huge infrastructure change at _every_ receiver site instead of the far fewer forwarder sites. An enormous number of aol users have their mail forwarded from places like @acm.org or @alma.mader.edu. That would mean that aol would need to implement per-user trust lists -- and the users would need to be educated.

On the other hand, no users need to be educated if aol were to say: forwarders don't use aol.com in the envelope sender, if you are resending mail, take responsibility over the return path or expect it to be rejected.

Basically, what we are saying is that every _user_ that uses a forwarding service must be able to manage their own whitelist rather than a tiny (in comparison) number of forwarders adapting. I don't see how whitelists benefit from any economy of scale.

// Theo Schlossnagle
// Principal Engineer -- http://www.omniti.com/~jesus/
// Postal Engine -- http://www.postalengine.com/
// Ecelerity: fastest MTA on Earth
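
The trade-off argued in this thread, as an added example that is not part of the original messages: a receiver-side SPF check applied to forwarded mail, first with the original envelope sender kept, then with the forwarder taking over the return path, then with a per-user whitelist. The SPF data, IP addresses, mailbox names and the whitelist semantics (a listed forwarder domain is trusted when the connecting host passes SPF for that domain) are constructed assumptions, and only `ip4`-style networks with an implicit `-all` are modelled.

```python
import ipaddress

# Constructed SPF data: domain -> networks allowed to send for it (implicit -all).
SPF = {
    "aol.com": ["192.0.2.0/24"],
    "acm.org": ["198.51.100.0/24"],
}

def spf_check(client_ip, mail_from):
    """Return 'pass', 'fail' or 'none' for the envelope sender's domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    nets = SPF.get(domain)
    if nets is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    return "pass" if any(ip in ipaddress.ip_network(n) for n in nets) else "fail"

def receiver_decision(client_ip, mail_from, trusted_forwarders=()):
    """Receiver policy; trusted_forwarders models one user's whitelist
    (assumed semantics: domains whose SPF-authorised hosts may relay any sender)."""
    if spf_check(client_ip, mail_from) != "fail":
        return "accept"
    for fwd in trusted_forwarders:
        if spf_check(client_ip, "postmaster@" + fwd) == "pass":
            return "accept (whitelisted forwarder)"
    return "reject"

FORWARDER_IP = "198.51.100.7"  # constructed: a host inside acm.org's SPF range

def scenarios():
    return {
        # Forwarder keeps the original envelope sender: SPF fails at the receiver.
        "kept_sender": receiver_decision(FORWARDER_IP, "alice@aol.com"),
        # Forwarder takes responsibility for the return path: SPF passes, no
        # receiver-side or per-user change needed.
        "rewritten_sender": receiver_decision(FORWARDER_IP, "fwd-bounce@acm.org"),
        # Per-user whitelist: accepted, but so is any aol.com sender relayed by
        # that forwarder, which is the compromise concern raised in the reply.
        "whitelisted": receiver_decision(FORWARDER_IP, "alice@aol.com", ["acm.org"]),
        "whitelisted_forged": receiver_decision(FORWARDER_IP, "forged@aol.com", ["acm.org"]),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:20s} {outcome}")
```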

