On Wed, 2004-12-08 at 19:26 +0000, Mark wrote:
The self-signed SRS is basically SES classic. Leave out the duplicate
source domain, and change the leader so as not to confuse software
that "unwraps" SRS, and you have SES classic.
Yes, Stuart, this is true. Hannah and I reached pretty much the same
conclusion, the other day. Those two forms really look remarkably akin. :)
If you only reached this conclusion "the other day" then you're a little
behind the times. What you call 'SES classic' was _obviously_ just self-
signed SRS before Meng ever coined the term 'SES' for it.
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200402/0900.html
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200402/0901.html
BATV is basically the same thing.
... Part of the message digest is included in the
MAIL FROM signature in place of the message id,
so most forgeries are detected before SMTP DATA.
How can you check your digest against anything before the DATA is in?
You can't. You can reject the _obvious_ forgeries where the digest
doesn't match _any_ message the sender actually sent, but you have to
look at the DATA before you can reject for a digest mismatch. Of course
you can still reject at SMTP time after DATA.
--
dwmw2