Michael R. Brumm wrote:
SRS:
  ugly
  not exploitable
  requires upgrading only the MTAs which forward
SUBMITTER:
  pretty
  bounce forgery is exploitable
  requires upgrading ALL MTAs which want to receive a forward
  (much larger pool)

Stuart D. Gathman wrote:
Resurrecting Deprecated Reverse Source Path:
  pretty
  bounce forgery is exploitable (fixable with SES, btw. See
  suggestion for validating SES via DNS instead of CBV.)
  requires upgrading (or downgrading :-) only the MTAs which forward

Seth Goodman wrote:
Absolutely. This is already in the RFCs, it won't break any MTAs that
don't implement the protocol and it requires no new ESMTP parameters. This
really seems like a pretty obvious choice.

Ok, anyone got anything written up on various implications of resurrecting
reverse source path for use with SPF?
And, if you need to add SES to reverse source path to prevent bounce forgery,
then why not just use SRS?
Michael R. Brumm