On Tue, 1 Feb 2005, Matthew Newton wrote:
>
> A future idea would be to put the hash into the envelope from, and
> remove it when mails come back. This would require a lot more invasive
> stuff, though. It would, however, have the advantage of being able to
> check the message in the mail from ACL or the rcpt ACL (where it was
> before this), rather than having to wait for the data ACL.
>
> If anyone has any comments about this, especially if you can see any
> problems (there don't seem to be any at the moment), then please let me
> know! I'm not sure if blocking on-site addresses from off-site in
> general is a good idea, especially since I've fixed the spam checking
> system, but that was not my decision.
You might want to read about what I'm working on, which uses similar
techniques but is aimed at reducing collateral spam, but it also provides
general forgery protection. We're going straight for putting cookies in
the return path, which as you say requires a fair amount of infrastructure
to support. This is probably why I haven't finished it yet!
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/antiforgery/cam.txt
http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2004-08-cl-csg/
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
