spf-discuss

RE: ENVID to prevent forged bounces with SUBMITTER?

2004-06-05 15:16:45
On Sat, 5 Jun 2004, Michael R. Brumm wrote:

> > Compare this to straight SES...
>
> I'd love to do this comparison, except examining SES is like trying to nail
> jello to a tree. It seems to have a different spec every day. Does it involve
> CBV (callback verifier)? What is being signed? If just the originating
> address, what prevents replays?
>
> Should it be done by the originating sender or the forwarders?

The originating sender.

> If the forwarders, how is it different from SRS?

It is exactly identical to SRS, except for being done by the originating
sender.

In fact, I am currently using an SRS package to do SES.  However, since
the incoming and outgoing domain are the same for SES, it can be shorter.
For instance, instead of:

SRS0=FEPOFORF=I6=foo.com=user@foo.com

I could use:

SES0=FEPOFORF=I6=user@foo.com

Which is the same thing except for the incoming domain
being assumed to be the same.  This is an optimization.  Using the SRS format
works just as well if the local part isn't too big.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
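
The shortening described in the message above, as an added example that is not part of the original post and not code from any SRS or SES package. Only the `SRS0=`/`SES0=` field layout comes from the post; the signing key, the base32 HMAC-SHA1 tag, the two-character day stamp, the 21-day acceptance window and all function names are assumptions.

```python
import base64, hashlib, hmac

SECRET = b"constructed-demo-secret"   # assumption: per-site signing key
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
MAX_AGE_DAYS = 21                     # assumption: how long bounces are accepted

def _stamp(day):
    """Two base32 characters for the day number mod 1024."""
    day %= 1024
    return B32[day >> 5] + B32[day & 31]

def _sig(ts, domain, user, length=8):
    """Truncated HMAC-SHA1 over the signed fields, base32 so it is case-safe."""
    msg = "\0".join((ts, domain, user)).lower().encode()
    digest = hmac.new(SECRET, msg, hashlib.sha1).digest()
    return base64.b32encode(digest).decode()[:length]

def srs0(user, domain, local_domain, day):
    """Long form: the original domain is carried in the local part."""
    ts = _stamp(day)
    return f"SRS0={_sig(ts, domain, user)}={ts}={domain}={user}@{local_domain}"

def ses0(user, domain, day):
    """Short form: signer and sender domain are the same, so it is omitted."""
    ts = _stamp(day)
    return f"SES0={_sig(ts, domain, user)}={ts}={user}@{domain}"

def verify_ses0(address, today):
    """Return the original sender for a valid bounce recipient, else None."""
    local, _, domain = address.rpartition("@")
    fields = local.split("=", 3)
    if len(fields) != 4 or fields[0].upper() != "SES0":
        return None                   # unsigned or malformed recipient
    _, sig, ts, user = fields
    ts = ts.upper()
    if len(ts) != 2 or any(c not in B32 for c in ts):
        return None
    expected = _sig(ts, domain, user).encode()
    if not hmac.compare_digest(sig.upper().encode(), expected):
        return None                   # tag does not match: forged or altered
    day = B32.index(ts[0]) * 32 + B32.index(ts[1])
    if (today - day) % 1024 > MAX_AGE_DAYS:
        return None                   # stale or future-dated stamp
    return f"{user}@{domain}"
```

A receiving MTA for foo.com would call `verify_ses0` on the RCPT TO of a null-sender bounce and reject the message when it returns `None`.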