RE: SUBMITTER is a bad idea

On Thu, 3 Jun 2004, Michael R. Brumm wrote:

Finally, I've thought a lot about SRS vs. SUBMITTER in the past few days.

SRS:
 ugly
 not exploitable
 requires upgrading only the MTAs which forward

SUBMITTER:
 pretty
 bounce forgery is exploitable
 requires upgrading ALL MTA which wants to receive a forward (much larger
 pool)


You forgot:

Resurrecting Deprecated Reverse Source Path:
  pretty
  bounce forgery is exploitable (fixable with SES, btw.  See suggestion for
    validating SES via DNS instead of CBV.)
  requires upgrading (or downgrading :-) only the MTAs which forward

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

RE: first draft, proposed agenda for SPF/ID BOF today at Inbox Event, Michael R. Brumm

Next by Date:

Re: [Waitman] Spamware checking SPF records?, Waitman C. Gobble, II

Previous by Thread:

RE: SUBMITTER is a bad idea, Michael R. Brumm

Next by Thread:

RE: SUBMITTER is a bad idea, Seth Goodman

Indexes:

[Date] [Thread] [Top] [All Lists]