On Mi, 21 iul 10, 20:47:44, Don Armstrong wrote: > On Wed, 21 Jul 2010, Gerfried Fuchs wrote: > > I mean that everyone could mail as foo@example.com - and if one is > > out to abuse the system they definitely would choose to use > > foo@example.com as sender address and not bar@domain.com. > > Yeah; the point here is that if someone wants to change the > information of foo@example.com, you need to send mail to > foo@example.com asking for confirmation (ideally with some kind of > secret that only you and whoever reads foo@example.com would know; the > message-id would probably be enough.) > > [Anyone can change envelope From and header From to be any value.] I imagine some automated challenge-response could be implemented for all mails to consultants@d.o and similar addresses, but I lack the skills to work on something like that. Regards, Andrei -- Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
Attachment:
signature.asc
Description: Digital signature