On Sun, 13 Jun 2004, Christian Balzer wrote:
>
> But unless you can make sure that those tokens are never exposed,
> you are going to become vulnerable again (just look for spam that is
> addressed to email/usenet message IDs).
> Possible/likely leaks are mailing list archives and even more in this
> day and age compromised machines of people you communicated with.
> Given the increasingly close proximity of spammers and worm/virus
> authors a rather plausible scenario.
Mailing list archives won't be a problem because list systems usually
don't propagate the original return path. In any case you should make sure
that the address in the Sender: header is *not* signed. This is because
(slightly counter-intuitively) it is a destination address not a return
address: like the Reply-To: and From: headers it may be used when creating
reply messages.
--
Tony Finch <dot@???>
http://dotat.at/