spf-discuss

Re: SUBMITTER is a bad idea

2004-06-04 04:21:01
Seth and Stuart wrote:

Resurrecting Deprecated Reverse Source Path:
  pretty
  bounce forgery is exploitable (fixable with SES, btw.  See
    suggestion for validating SES via DNS instead of CBV.)
  requires upgrading (or downgrading :-) only the MTAs which forward

Absolutely.  This is already in the RFCs, it won't break any MTAs that
don't implement the protocol and it requires no new ESMTP parameters.
This really seems like a pretty obvious choice.

I just added this to my SPF implementation (www.pamho.net/source):

If there is source routing in the envelope sender, then the leftmost
domain is tested. Only if the result is 'none' or 'neutral' is the email
address (with the source routing stripped) tested.

(Maybe this should be added as a SHOULD or MUST to the SPF specs.)

It does no harm in any way and it already works now with forwarders that
use ancient software.

Roger
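
The check order described in the message above, as an added example that is not part of the original post and is not the code from Roger's implementation. The function names, the `spf_check(ip, domain)` callback interface and the sample policy table are assumptions made for illustration; the table stands in for DNS so the example runs offline.

```python
import re

# RFC 821 reverse-path with a source route: <@relay1,@relay2:user@origin>
_ROUTE_RE = re.compile(r"^(@[A-Za-z0-9.-]+(?:,@[A-Za-z0-9.-]+)*):(.+)$")

def split_source_route(reverse_path):
    """Return (route_domains, mailbox); route_domains is [] without a route."""
    path = reverse_path.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    m = _ROUTE_RE.match(path)
    if not m:
        return [], path
    return [d[1:].lower() for d in m.group(1).split(",")], m.group(2)

def check_envelope_sender(reverse_path, client_ip, spf_check):
    """Return (domain_tested, result). spf_check is a caller-supplied
    callable (hypothetical interface) returning an SPF result string."""
    route, mailbox = split_source_route(reverse_path)
    if route:
        # Leftmost route domain is tested first; any result other than
        # 'none' or 'neutral' is final.
        result = spf_check(client_ip, route[0])
        if result not in ("none", "neutral"):
            return route[0], result
    if not mailbox:
        return None, "none"  # null sender <>: no domain to test here
    # Fall back to the address with the source routing stripped.
    domain = mailbox.rsplit("@", 1)[-1].lower()
    return domain, spf_check(client_ip, domain)

# Constructed sample policies standing in for DNS (not real SPF records).
SAMPLE_POLICY = {
    "forwarder.example": {"192.0.2.10"},
    "origin.example": {"198.51.100.5"},
}

def sample_spf_check(ip, domain):
    """Stub: 'none' when no policy exists, otherwise 'pass' or 'fail'."""
    allowed = SAMPLE_POLICY.get(domain)
    if allowed is None:
        return "none"
    return "pass" if ip in allowed else "fail"

if __name__ == "__main__":
    path = "<@forwarder.example:alice@origin.example>"
    for ip in ("192.0.2.10", "203.0.113.9"):
        print(path, ip, check_envelope_sender(path, ip, sample_spf_check))
```

Returning the domain that produced the result lets the receiving MTA log whether the verdict came from the route or from the stripped address.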

