spf-discuss

Re: Re: SPF implementations

2005-08-16 05:27:33
Stuart D. Gathman wrote:
On Mon, 15 Aug 2005, Frank Ellermann wrote:


P.S.: 26 new "misdirected" bounces while I typed this article.


[Assuming by bounce you mean a DSN with MAIL FROM = <>]

You need to use self-signing SRS or old SES to discard those
misdirected bounces.  I've gotten 200 since yesterday, but I had
to grep the log to count them.  Old SES doesn't compute a body hash,
and is useful as an improvement over self-signed SRS for blocking
bounce spam.
[New SES is an alternative to DKIM where you query the sender to validate
a hash code instead of fetching a public key and validating a signed
hash code.  Unlike DKIM, it can stop most forgeries before SMTP DATA.
Like DKIM, it suffers from body hash limitations.]

This is only feasible when you run your own mail server I think. If there's a way to do this otherwise, then I think a lot more people would be interested....

Also, if the outbound SMTP server is not also the MX for the domain (which is normal in large setups) I would imagine there are some inter-server coordination issues that would make this approach a challenge.

Scott K
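
Added example, not part of the original messages and not code from any SRS or SES implementation: a minimal Python sketch of a self-signed envelope sender, showing how an MX can reject null-sender bounces addressed to recipients it never signed, and why the outbound server and the MX must share a key. The `sig=` tag layout, function names, key and addresses are assumptions made for illustration and are not the SRS or SES wire format.

```python
import base64
import hashlib
import hmac
import time

DAY = 86400  # seconds; the day counter wraps at 1024 to keep the tag short


def _tag(key: bytes, day: int, local: str, domain: str) -> str:
    """Truncated HMAC over the day stamp and the original address."""
    msg = f"{day}:{local.lower()}@{domain.lower()}".encode()
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    return base64.b32encode(digest)[:8].decode().lower()


def sign_sender(key: bytes, local: str, domain: str, now=None) -> str:
    """Outbound server: rewrite MAIL FROM into a signed, dated form."""
    ts = time.time() if now is None else now
    day = int(ts // DAY) % 1024
    return f"sig={_tag(key, day, local, domain)}={day}={local}@{domain}"


def check_bounce_rcpt(keys, rcpt: str, now=None, max_age_days: int = 7):
    """MX, at RCPT TO when MAIL FROM is <>: return the original address
    if the tag verifies under any shared key and is fresh, else None."""
    local_part, _, domain = rcpt.rpartition("@")
    parts = local_part.split("=", 3)
    if len(parts) != 4 or parts[0].lower() != "sig":
        return None  # unsigned recipient: we never sent mail as this address
    _, tag, day_s, local = parts
    if not (day_s.isascii() and day_s.isdigit()):
        return None
    day = int(day_s)
    ts = time.time() if now is None else now
    today = int(ts // DAY) % 1024
    if (today - day) % 1024 > max_age_days:
        return None  # stale or future-dated tag: treat as replayed or forged
    for key in keys:  # every outbound key must be known to the MX
        expected = _tag(key, day, local, domain).encode()
        if hmac.compare_digest(tag.lower().encode(), expected):
            return f"{local}@{domain}"
    return None


# Constructed sample values, not taken from the thread.
DEMO_KEY = b"constructed-demo-key"
DEMO_NOW = 1124150400  # 2005-08-16 00:00:00 UTC
DEMO_SIGNED = sign_sender(DEMO_KEY, "alice", "example.org", DEMO_NOW)
```

An MX that lacks the outbound server's key rejects even genuine bounces, which is the coordination problem raised in the reply above.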

