spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: ENVID to prevent forged bounces with SUBMITTER?

2004-06-05 14:13:04
from [Michael R. Brumm] [Permanent Link] 
Michael R. Brumm wrote:

-SRS is ONLY required by forwarders (not senders or receivers), and
extensions to SMTP are NOT needed.



-SUBMITTER is required by forwarders AND receivers, and an extension to SMTP
is needed. And, worst of all, bounces can be forged.


Stuart D. Gathman wrote:

-RSP (Reverse Source Path) is ONLY required by forwarders, and extensions
to SMTP are NOT needed.


You left out the fact that RSP also allows injections of forged bounces.

Like SUBMITTER, in order to prevent injections of forged bounces, you have to 
add some type of signing on the sender (often SES is proposed) to detect them. 
So SRS still wins because it only requires modifications to the forwarders.

Michael R. Brumm
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: ENVID to prevent forged bounces with SUBMITTER?, Michael R. Brumm
Next by Date:  Re: Question on how things work, Greg Connor
Previous by Thread:  Re: ENVID to prevent forged bounces with SUBMITTER?, Stuart D. Gathman
Next by Thread:  Re: ENVID to prevent forged bounces with SUBMITTER?, Daniel Taylor
Indexes:  [Date] [Thread] [Top] [All Lists]