On Fri, 4 Jun 2004, Roger Moser wrote:

> Michael R. Brumm wrote:
> > Ok, anyone got anything written up on various implications of resurrecting
> > reverse source path for use with SPF?
> > And, if you need to add SES to reverse source path to prevent bounce
> > forgery, then why not just use SRS?
>
> First, you cannot add SRS to a 64-character local part.
> Second, SES is added by the original MTA only, whereas SRS has to be added
> by ALL forwarders in the world.

By your description below, this is false. SES has to be added by the
original MTA AND all the forwarders.

> For example if example.com sends MAIL FROM:
> <John.Smith-ses-hash@example.com>, then the forwarder just has to prepend
> his domain name:
> MAIL FROM: <@forwarder.com:John.Smith-ses-hash@example.com>

You can't add this to a 64 character local part for the same reason that
you can't do SRS in a strictly 64 character local part. The overheads in
the two cases are almost identical. This protocol requires modification
both on the forwarder and on the original MTA. In fact, it's logically
almost identical to SRS except for requiring the modification of the
original MTA as well.

S.
--
Shevek http://www.anarres.org/
I am the Borg. http://www.gothnicity.org/