-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Woodhouse wrote:
On Sat, 2008-01-05 at 19:02 +0000, Julian Mehnle wrote:
David Woodhouse wrote:
MAIL FROM forgery is simple enough to fix anyway, with schemes such
as BATV and SES which can be implemented unilaterally, without
requiring the world to change.
BATV and SES don't prevent MAIL FROM forgery. They merely help
_senders_ sort out invalid bounces. They don't do anything for the
_receivers_.
Not so.
[... SMTP transaction transcript with callback verification demon-
strating the rejection of an unsigned MAIL FROM address ...]
You said it could be implemented unilaterally, but then you assume that
receivers do callback verification.
why would you need multiple handles for the same sending host?
Because of many domains sending through a common host, some domains
may be sending mostly spam whereas other may be sending mostly
non-spam. Your answer to that is probably: "Why accept mail from a
spammy host, even if some mail is good?
You've already ignored my answer to that, conveniently. And that wasn't
it.
I am sorry, I must have overlooked it. Can you please repeat it? I
promise not to ignore it a second time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHf/DcwL7PKlBZWjsRAi1TAKCeaxHPg9Ph9Ur5S9+4vJaXAoxG6QCfREjL
yBsaz4wuRvc2qm10+d9ibWs=
=UHkG
-----END PGP SIGNATURE-----
-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Archives: http://v2.listbox.com/member/archive/735/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/735/
Modify Your Subscription:
http://v2.listbox.com/member/?member_id=2183229&id_secret=82219166-248407
Powered by Listbox: http://www.listbox.com