-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Mar 10, 2004 at 02:56:04PM -0700, Jason R. Mastaler wrote: >kevin lyda <[EMAIL PROTECTED]> writes: > >> it would handle forged from addresses. > >How so? The owner of the forged e-mail address would still receive a >bounce message (from the MTA this time).
I think the idea is that the spammer would connect directly to the victim's mail server, forge an address, and get a reject immediately. Rather than generate a bounce message to the forged address, the spammer goes on to the next victim on the list. Regular users would get the bounce because their legitimate mail server would generate one when it gets the rejection. Contrast to TMDA which accepts the message and generates a bounce (challenge) of its own, using the forged address. This SMTP-time C/R falls down in the case where some intermediate mail server accepts the (forged) message, not knowing that it will be rejected. In that case, the forged address STILL gets a bad bounce because the legitimate intermediate mail server generates one when it gets the rejection. Kevin, correct me if I'm wrong. The problem with this scheme that jumps out at me is that the challenging mail server gets ONE LINE to issue its challenge (the message sent with the SMTP rejection). That line is supposed to be returned to the user, but it typically is one line in a much larger message. When I get a bounce message, it's a pain to have to figure out why. I know some people get them and CAN'T figure out why. That one line is just not big enough to get the attention it needs to be a challenge that someone can answer. - -- Kyle Hasselbacher Down with protests! [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAT5SN10sofiqUxIQRArBIAJ9ZcfcG9o1ss3k/dJRS99144A/ahgCbB/sV 1ZH6MLjbzMCYvLOnkNdyvZU= =fwJx -----END PGP SIGNATURE----- _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
