[Asrg] small correction re identifying bounced mail

[Amir Herzberg <herzbea at cs.biu.ac.il>]

Seth responded thus:
> > for a sufficiently large ISP (think AOL, or a cable modem business),
> > keeping track of the tuples of <sender, recipient> for any length of time
> > will require a _substantial_ database infrastructure.

> Under 1K of data.  Remembering stuff is doing it the hard way.  Create
> the lhs of the Message-ID signed with a private key that changes
> daily.  If the "response" doesn't have one you could have generated
> recently, it's bogus.

Just to clarify, you should use here a MAC (Message authentication code, 
 e.g. HMAC), not a public-private key signature scheme (e.g. RSA), to 
ensure validation is efficient. I am sure this is what Seth meant but I 
thought clarifying can't hurt.

Of course, as others noted, this does not help if the original message 
went thru a different MTA (e.g. road warrior, home vs. office), unless 
done by the client sw itself.

Best, Amir Herzberg
http://AmirHerzberg.com


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg