joel, all, On Wed, 6 Feb 2002, Joel Maslak wrote: > The fix for this requires sophisticated bounce tracking software. The > only real way to fix this problem is to send each recipient a message with > a custom-encoded FROM envelope address, such as: > bounce-<user-id>-<security-key>@example.com > Where the user-id is some sort of database identifyer and the security key > is simply a random number kept in the database to prevent malicious > activity (it could also be some sort of cryptographic code). When the > example.com mail server receives a message to bounce-xxx-yyy@example.com, > it checks the security key, verifies that the bounce is a permanent > bounce, and deletes the user. it's worth noting that this is a succinct description of VERP (variable envelope return path), something used by ezmlm and qmail to accomplish exactly this--make it difficult to forge a bounce and easy to determine true per-recipient bounces. VERP makes handling large mailing lists trivial and significantly reduces this security problem. see http://www.lifewithqmail.org/lwq.html#verp for a good description. -- todd underwood, vp & cto oso grande technologies, inc. todd@osogrande.com "Those who give up essential liberties for temporary safety deserve neither liberty nor safety." - Benjamin Franklin
