On Fri, May 3, 2013 at 12:56 PM, <[email protected]> wrote:
>
>> The problem case is where a spammer discovers that sending to an
>> address will generate a bounce and sends with forged 'from' addresses
>> that are intended as the eventual targets. So there is potential for
>> damage, but it doesn't necessarily override the responsibility to
>> deliver or report failures.
>
> The above is not only a backscatter problem but the fundamental flaw in
> challenge-response systems (because to be useful, the challenge message must
> quote some part of the message under challenge -- even if it's just the
> subject line).
>
> Backscatter for the most part is not a problem because it has a simple
> solution: Message source authentication, with varying implementations and
> degrees of success - SPF, DKIM, MTX, PGP-signatures, etc.
Various degrees of failure would be a better description....
--
Les Mikesell
[email protected]
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
