> > If it is that the mail server accepts the incoming because it is > > apparently from another server it trusts, maybe the second part of the > > RFC could be used to tackle that. It reaches back, post connection, to > > the mail server that was proportedly the sender, and checks the message > > ID and a digest of the message with it. If that mail server replies > > "whatare you on about?" then the mail was very craftily faked. > > This is a sensible approach, but it would increase server workloads, as they > would have to maintain lists of message_id's that they sent. >
DYST seems like a good idea. One thing to remember though is that a message could be recieved from MUA(Client) or fowarded from an MTA(Server). The 'Did you send this' cannot be sent to clients. This combination should help out: - SMTP Auth, - Close Relay - (DYST) Did You Send This. This command could be sent to servers with 2 options (a) Message ID or (b) Message Digest. Some issues could be Mail Servers need to remember the messages sent. This may be not that easy to add to existing mail servers. Mail servers may need to mentain history of messages sent for a guaranteed and agreed upon time span. 6 hours or 1 day could be the timeout for sent messages. If the recieving server has not been able to check a set of messages for DYST within the set time, the recievrng server must assume mail message has passed DYST test. I will do a writeup on this over the weekend and send it to the list. It can then be ignored/expanded/implemented as you all like. Harmeet -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
