[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: forged bounces, was [Asrg] A CAPTCHA that automatically


On Fri, 4 Jun 2005, John Levine wrote:

I do not know the details of either.  But, speaking as an implementer,
I would much prefer to be tasked with implementing something basically
stateless like Domain Keys than anything requiring saving any
information about sent mail and feeding it forward to assist with
incoming bounce handling.


That's exactly the point.  DK, or any other signature system, puts
all of the message's state in the message itself, so the sending
host can then forget about it.  Anything that requires that the
sending host remember all the mail it's sent adds vast complication.


This is exactly the problem with SES and why I told them its not workable
large-scale, although otherwise its good idea.

BTW - the same is also true for BATV (in fact the technologies are really identical except SES allows for public dns verification server and BATV its all private).

--
William Leibzon
Elan Networks
william at elan.net

_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg