On Tue, Dec 23, 2008 at 09:38:22AM +0000, Peter Bowyer said:
> 2008/12/22 Matthew Newton <mcn4@???>:
> > On Mon, Dec 22, 2008 at 07:44:49AM -0800, Dan_Mitton@??? wrote:
> >> You might want to look into implementing SPF. It would catch any mail
> >> forged from your domain. www.openspf.org
> >
> > Probably more reliable to configure BATV, which will refuse all
> > bounces if they are not arriving at a 'signed' address. Immediate
> > fix for the joe-job problem.
>
> ... with the caveat that all outgoing mail must be signed, implying
> that it (probably) all needs to flow out through the same MTA.
> Otherwise you risk rejecting bounces to mail that was sent genuinely
> but not BATV-signed (which may or may not be important depending on
> the implementation).
BATV is a standard, so if you have two MTAs implementing it correctly,
it shouldn't matter which one the mail left from. This is, of course,
only in theory - I am quite sure someone will manage to come up with a
case where this breaks :)
Cheers,
--
--------------------------------------------------------------------------
| Stephen Gran | In God we trust; all else we walk |
| steve@??? | through. |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------