-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Scott Kitterman wrote:
Julian Mehnle wrote:
Oh, in fact it's pretty simple. Just have the "downstream" (to-be-
configured) MTA generate a one-time password and have the user enter it
into the "upstream" MTA's "hand-over-configuration-details" interface.
The upstream MTA then includes the one-time password when sending its
configuration mail to the downstream MTA, which can then verify that it
is really the user who authorized the white-listing of the upstream
MTA.
I think you and I have different definitions of simple.
Now I have some basis to believe you aren't lying about who you are, but
I don't see how that translates into I believe you when you promise you
already checked SPF and I needn't bother?
I think this needs reputation and/or accreditation to work. Not simple.
Remember that we're (or at least, I am) talking just about automating the
white-listing of one's own forwarders. If you say you don't trust them to
be doing SPF checks when they say they are, then that's a problem that the
market will have to solve. Don't use a forwarding service you don't
trust. After all, they could do _anything_ with your personal mail...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFS6/1wL7PKlBZWjsRAnv0AKDSb6r5aOqwebK3WzC7YCBE2twi/QCfR9sA
eTKEY5gJ4P77eYXFdHEFeoQ=
=FKlE
-----END PGP SIGNATURE-----
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735