On Thu, 3 Jun 2004, Michael R. Brumm wrote:
Finally, I've thought a lot about SRS vs. SUBMITTER in the past few days.
SRS:
ugly
not exploitable
requires upgrading only the MTAs which forward
SUBMITTER:
pretty
bounce forgery is exploitable
requires upgrading ALL MTA which wants to receive a forward (much larger
pool)
You forgot:
Resurrecting Deprecated Reverse Source Path:
pretty
bounce forgery is exploitable (fixable with SES, btw. See suggestion for
validating SES via DNS instead of CBV.)
requires upgrading (or downgrading :-) only the MTAs which forward
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.