these guys do this kind of stuff: http://www.sigaba.com
AFAIK it is a variant of 'hey, did you just send me something?' using SAML.

for the most part any type of authentication solution is going to require a single 'mx entity' to represent a given domain (something that can act as the source of record for all messages being sent from a domain). accepting that limitation, a simpler (and less secure) solution than sigaba's would be for james to:

1. perform an MX lookup on the sender's domain
2. initiate an SMTP connection to MX
3. send NON STANDARD SMTP message (like): validate:[msgid]
4. get a response of OK (validated), NG (forged); anything else is treated as unauthenticated
5. close validation connection
6. deal with incoming message accordingly.

of course there are lots of things that can go wrong (stuff like this becomes a spam/DoS multiplier, only works with other james servers, etc.), but there is a lot to be said for talking to the server that supposedly sent the message directly. using SMTP as the transport isn't all that secure, but the mechanism is troublesome enough to knock down the vast majority of spam posers (they would have to hijack the ip address or dns entries for the domain MX). it also has the benefit of being lightweight in terms of processing (file size doesn't affect validation, as is the case with signatures).

b

> -----Original Message-----
> From: Noel J. Bergman [mailto:[EMAIL PROTECTED]
> Sent: Wednesday 20 August 2003 20.22
> To: James Users List
> Subject: RE: From email address validation
>
>
> > Does anyone know of an approach or standard (commercial or not) that
> > efficiently validates the email address of a sender?
>
> Digital signatures. I keep thinking that eventually they will become
> mandatory, and that mail without a valid digital signature will be
> considered spam by default.
>
> --- Noel
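The validation exchange in steps 1-6 above, sketched in Python as an added example (not part of the original message and not James code). The `validate:` verb and the OK/NG replies come from the message; the `500 unrecognized` reply, the function names, and the sample domain and message id are constructed for illustration.

```python
from enum import Enum

class Verdict(Enum):
    VALIDATED = "validated"
    FORGED = "forged"
    UNAUTHENTICATED = "unauthenticated"

def parse_reply(reply):
    """Step 4: only an exact OK or NG counts; anything else is unauthenticated."""
    token = reply.strip().upper() if isinstance(reply, str) else ""
    return {"OK": Verdict.VALIDATED, "NG": Verdict.FORGED}.get(token, Verdict.UNAUTHENTICATED)

class SendingMX:
    """Sender side: the domain's source of record for message ids it sent."""
    def __init__(self, sent_ids):
        self.sent_ids = set(sent_ids)

    def handle(self, line):
        verb, _, msgid = line.strip().partition(":")
        if verb.lower() != "validate" or not msgid:
            return "500 unrecognized"  # constructed reply for any other input
        return "OK" if msgid in self.sent_ids else "NG"

def validate_sender(sender, msgid, mx_lookup, connect):
    """Receiver side, steps 1-5. mx_lookup and connect are injected (hypothetical)
    so the flow runs offline; real code would use DNS and a socket with timeouts."""
    domain = sender.rpartition("@")[2].lower()
    if not domain or any(c in msgid for c in "\r\n"):
        return Verdict.UNAUTHENTICATED  # never forward CR/LF into the SMTP session
    try:
        mx_host = mx_lookup(domain)        # step 1
        send = connect(mx_host)            # step 2
        reply = send(f"validate:{msgid}")  # steps 3-4
    except (OSError, LookupError):
        return Verdict.UNAUTHENTICATED     # lookup or connection failure proves nothing
    return parse_reply(reply)

# Constructed sample data: one domain, one MX, one message id it really sent.
MX_TABLE = {"example.org": "mx.example.org"}
SERVERS = {"mx.example.org": SendingMX({"<1234@example.org>"})}

def demo_lookup(domain):
    return MX_TABLE[domain]  # KeyError (a LookupError) when the domain has no MX

def demo_connect(host):
    return SERVERS[host].handle
```

Keeping "unauthenticated" distinct from "forged" matters for step 6: a timeout or an MX that does not speak the extension says nothing about the message, so it should not be scored the same as an explicit NG.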