spf-discuss

Re: [spf-discuss] Re: Fw: SRS vs BATV

2006-02-16 21:21:52
On Fri, 17 Feb 2006, Frank Ellermann wrote:

> If that's the idea CBV will perfectly work with BATV.  The
> case where BATV would reject bounces includes direct RCPT TO x
> MAIL FROM <> instead of RCPT TO crypto-x+expiration.
>
> But CBV doesn't verify x, it verifies crypto-x+expiration.
> So where's the problem?

Just remembered another problem.  If you immediately reject invalid
RCPT TO, spammers use that to launch dictionary attacks.  By delaying
until DATA, they get no information on valid emails.  However, maybe
this isn't such a problem with MAIL FROM <> and signed RCPTs.  They aren't
going to find a valid non-bounce email that way!

I have turned on immediate rejection for unsigned bounces in my mail server.
This has come up before, and people convinced me that delaying until
DATA was important, but I can't remember all the reasons.  I am keeping
better notes this time.  Also, I have a lot more real world SMTP experience
since then, and can form my own opinions.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
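
The RCPT TO policy discussed in the message above, as an added example that is not part of the original post or of any mail server's code: bounces (MAIL FROM <>) to an unsigned or expired address are rejected immediately, while unknown recipients on ordinary mail are deferred until DATA. The tag layout (`mac-local+expiry`), the key, the day counter and all names are assumptions made for illustration; this is not the BATV draft's wire format.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # assumption: per-site signing secret
DOMAIN = "example.com"          # constructed domain
VALID_USERS = {"stuart"}        # constructed mailbox list

def _mac(local: str, expires: int) -> str:
    msg = f"{local}@{DOMAIN}:{expires}".encode()
    return hmac.new(KEY, msg, hashlib.sha1).hexdigest()[:8]

def sign(local: str, today: int, lifetime: int = 7) -> str:
    """Envelope sender for outgoing mail, shaped like crypto-x+expiration."""
    expires = today + lifetime
    return f"{_mac(local, expires)}-{local}+{expires}@{DOMAIN}"

def verify(rcpt: str, today: int):
    """Return the real local part if rcpt carries a valid, unexpired tag."""
    localpart, _, domain = rcpt.rpartition("@")
    tag, dash, rest = localpart.partition("-")
    local, plus, exp = rest.rpartition("+")
    if domain != DOMAIN or not dash or not plus or not exp.isdecimal():
        return None                     # not a signed address at all
    if int(exp) < today:
        return None                     # signature has expired
    if not hmac.compare_digest(tag.encode(), _mac(local, int(exp)).encode()):
        return None                     # forged or corrupted tag
    return local

def rcpt_decision(mail_from: str, rcpt: str, today: int) -> str:
    """Decide at RCPT TO: 'accept', 'reject' now, or 'defer-to-data'."""
    if mail_from == "":                 # MAIL FROM <>: this is a bounce
        # Rejecting here reveals only whether the tag verifies,
        # never whether the plain mailbox exists.
        return "accept" if verify(rcpt, today) is not None else "reject"
    if rcpt.rpartition("@")[0] in VALID_USERS:
        return "accept"
    # Ordinary mail to an unknown user: hold the rejection until DATA
    # so dictionary probes learn nothing at RCPT time.
    return "defer-to-data"
```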
