At 3:45 pm +0000 2004/03/21, Russell King wrote:
>On Sun, Mar 21, 2004 at 02:40:13PM +0100, Giuliano Gavazzi wrote:
>> At 9:55 am +0000 2004/03/21, David Woodhouse wrote:
>> >they did not send, the page at http://www.infradead.org/rpr.html has an
>> >example of how to do that _without_ needing to change the way the world
>> >works. Basically you do rewriting only on your _own_ outgoing addresses,
>> >so the 'raw' address (e.g. dwmw2@???) is never used in valid
>> >MAIL FROM:. Then you can reject bounces to that address -- and anyone
>> >doing sender verification callouts will hence also reject faked mail
>> >_from_ that address.
>>
>>
>> this, I think, is even a worse method than SPF as it breaks those
>> mechanisms that rely on the envelope address.
>
>I think you've mis-understood the principles behind dwmw2's method.
>Where do you think the breakage occurs?
>
>The rewritten envelope addresses remain valid addresses, in much the
>same way as a VERP-encoded sender address remains a valid address.
>For example, a VERP-encoded sender address looks like this:
>
> mailinglist-bounces+foo=bar.com@???
[...]
I was too unclear. Suppose you want to send instructions to your
registry for some technical changes to your domain. The registry will
expect the email to come from the admin or technical contact, and
might check the envelope sender rather than the header From. [Of
course I know this is not a safe identification method and I think
most registry now use web based, password protected methods, but this
is not the point and it is only an example!] If the envelope sender
has been tampered with by the server, be it valid or not, your email
instruction will be rejected.
Giuliano
