On Behalf Of David
this looks really nice, one objection is that it needs modification to
dns server software so it can handle this kind of queries and
check the
correctness of the ses signature. As this kind of verification is only
done in the case of forwarders, why not make this check as a
callout to
the domain's mx servers (trying to verify the existence of the email
address either with VRFY or with MAIL FROM/RCPT TO) ? This process add
some extra overhead, but taking in account that it will only be need
on a small amount of cases and that it does not need to patch another
piece of software, maybe it will be more easy to deploy it.
A DNS lookup is UDP packet with no requirement of a conversation so its
quick and low overhead.
Setting up an SMTP connection using TCP and using it to verify an address is
not only expensive but opens a great way to trawl for addresses.
This is primarily why any good system admin disables VRFY and EXPN on any
SMTP server they use.
Regard Richard.