On Thu, 2004-05-20 at 16:43, Seth Goodman wrote:
The ultimate solution, proposed by Greg Connor in the "HELO vs. envelope
checks" thread, is to create a nameserver that can validate an SES
signature. This is lightweight in network bandwidth and puts the
computational load back on the sender, where it belongs. I can't address
the difficulty of implementing this, but it would solve the problem in a
fairly optimal manner.
Putting computational load on the sender is generally a good idea
(although with the normal caveats for MLMs), however you need to be
careful about putting load on the "claimed" sender - ie how does sender
pays work when the sender is being forged. A joe-job that slaughtered
the target (ie forged sender) subject's ability to send mail by killing
their authorisation server with junk load isn't a great improvement over
the current situation - although at least the recipients are being
buried with the junk in this situation.
Nigel.
--
[ Nigel Metheringham
Nigel(_dot_)Metheringham(_at_)InTechnology(_dot_)co(_dot_)uk ]
[ - Comments in this message are my own and not ITO opinion/policy - ]