spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ENVID to prevent forged bounces with SUBMITTER?

2004-06-05 15:51:54
from [Daniel Taylor] [Permanent Link] 
Michael R. Brumm wrote:

Michael R. Brumm wrote:


-SRS is ONLY required by forwarders (not senders or receivers), and
extensions to SMTP are NOT needed.




-SUBMITTER is required by forwarders AND receivers, and an extension to SMTP
is needed. And, worst of all, bounces can be forged.



Stuart D. Gathman wrote:


-RSP (Reverse Source Path) is ONLY required by forwarders, and extensions
to SMTP are NOT needed.



You left out the fact that RSP also allows injections of forged bounces.


1. Don't bounce, reject.
2. If you must bounce, unwind the RSP.
3. If you must bounce and don't unwind the RSP, don't
   be surprised to find your bounces getting rejected.

--
Daniel Taylor
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ENVID to prevent forged bounces with SUBMITTER?, Stuart D. Gathman
Next by Date:  RE: ENVID to prevent forged bounces with SUBMITTER?, Michael R. Brumm
Previous by Thread:  RE: ENVID to prevent forged bounces with SUBMITTER?, Michael R. Brumm
Next by Thread:  RE: ENVID to prevent forged bounces with SUBMITTER?, Michael R. Brumm
Indexes:  [Date] [Thread] [Top] [All Lists]