spf-discuss

Re: SES

2004-08-17 09:35:25
On Tue, 17 Aug 2004, Meng Weng Wong wrote:

On Tue, Aug 17, 2004 at 03:44:00PM +0200, Roger Moser wrote:
| 
| .. or the sender implements SES (signed envelope sender).
| 

Folks interested in implementing SES (which has been
reinvented as BATV by some people in the MARID group) should
review

http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/antiforgery/cam.txt
http://asarian-host.net/srs/sendmailsrs.htm

I have implemented SRS via pysrs: http://bmsi.com/python/pysrs.html
It is on a dozen or so mail servers.

SRS works great for forwarding, and also works great for stopping
forged bounces when applied to all outgoing mail.

What SRS does NOT do is provide authentication.  To provide authentication,
an SRS scheme must incorporate a message id that is unique for every
message, use a larger hash cookie, and limit validations for a given
message id to prevent replay attacks.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
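
Added example, not part of the original post and not pysrs, SES or BATV code: a minimal sketch of the three requirements listed above (a unique per-message id, a longer hash cookie, and a cap on validations per message id). The `ses=tag=id=local@domain` address layout, the key, the tag length and the in-memory counter are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-key"  # assumption: per-site secret, constructed for this example
TAG_LEN = 20                      # hex chars (80 bits); illustrative "larger hash cookie"
MAX_VALIDATIONS = 1               # assumption: a message id may validate only once


def _tag(msg_id: str, local: str, domain: str) -> str:
    # The MAC covers the message id and the original sender, so none can be swapped.
    data = "\0".join((msg_id, local.lower(), domain.lower())).encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:TAG_LEN]


def sign_sender(local: str, domain: str) -> str:
    """Return a signed envelope sender carrying a fresh per-message id."""
    msg_id = secrets.token_hex(8)  # unique for every outgoing message
    return f"ses={_tag(msg_id, local, domain)}={msg_id}={local}@{domain}"


class Validator:
    """Checks bounce recipients; a real deployment needs a shared store with expiry."""

    def __init__(self):
        self.seen = {}  # msg_id -> count of successful validations

    def validate(self, address: str) -> str:
        """Return 'ok', 'forged' or 'replay' for a bounce recipient address."""
        localpart, _, domain = address.rpartition("@")
        parts = localpart.split("=", 3)  # the original local part may itself contain '='
        if len(parts) != 4 or parts[0] != "ses":
            return "forged"
        _, tag, msg_id, local = parts
        expected = _tag(msg_id, local, domain)
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            return "forged"
        if self.seen.get(msg_id, 0) >= MAX_VALIDATIONS:
            return "replay"  # valid signature, but this message id was already used
        self.seen[msg_id] = self.seen.get(msg_id, 0) + 1
        return "ok"
```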

