On Sun, 1 Jan 2006, Frank Ellermann wrote:
Please check that I don't spread nonsense about SES, I'm
lost with all SES details.
No, you were fine. SES is rather overkill for simply blocking bounce spam. I
experimented with it and went back to SRS. The current SES does more than
block bounce spam - it can validate the MAIL FROM, and 2822 headers (via
a message digest ala DK) by means of recipients querying the (alleged) sender
(instead of public key cryptography). If the recipient checks SPF, and the
sender installs a custom DNS server, the MAIL FROM validation can happen as
part of SPF - and has the advantage that it is immune to (non-rewriting)
forwarders.
I agree that the custom DNS is a problem. I still haven't got a scriptable
Python authoritative DNS server in production. (But it hasn't been
a paying project either.)
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com