On May 4, 2009, at 1:28 PM, Arik Fraimovich wrote:
The MD5(time) was just a suggestion for _one time_ generation of the
mailbox name.. of course they can pick up something more readable, as
long as they keep it private and unguessable.
That's what I figured - I just wanted to indicate why it was a bad
idea if the address was changing all the time.
I guess you're right. It's time for me to google for domain keys. If
you have any suggested reading material - feel free to post some
links :)
http://en.wikipedia.org/wiki/DomainKeys
Also, while we send DK and DKIM, we will someday soon discontinue
sending DomainKeys, and will only send DKIM. Code for DKIM.
I do have to question having your client verify DKIM again, though.
These activities should be dealt with inside of your MTA and not a
mail destination script hanging off of the MTA. What exactly are you
trying to protect against? A user forging an email to your MTA as
twitter?
That's defensible by fixing your MTA's configuration (to validate DKIM
and SPF coming from twitter.com hosts) and not doing it in your script.
--john
---
John Adams
Twitter Operations
j...@twitter.com
http://twitter.com/netik