From: Murray S. Kucherawy <msk@se...> - 2007-03-12 20:41:51
Those of you following the sender authentication efforts in general may
have heard of BATV, or Bounce Address Tag Validation. This is a proposal
that's been picked up by the SMTP working group and is now an IETF draft.
Some general information about it is available here:
Essentially the proposal uses some simple cryptography to sign the
envelope sender address as mail goes out. The theory is that bounce mail
(i.e. mail with an empty envelope sender) inbound which is unsigned is
probably a bounce which was generated by unauthorized use of your address,
and the bounce can be safely rejected or discarded. This, theoretically,
means all the bounces generated by spam campaigns which claim to be you
won't flood your mailbox anymore.
I've posted an experimental (i.e. not very heavily tested yet) filter on
Sourceforge under the project name "batv-milter". It requires sendmail
8.14 as it makes use of some new protocol extensions not available in
prior versions. If you have time or interest in tinkering, you're welcome
to download it and give it a try.
As I'm able to give it some more real testing and evaluation, I'll be
using the lists and trackers under that project to keep people updated.
There's an IETF conference next week which I'll be attending so more could
develop with that project (and, for that matter, these others) during and
afterwards as well.
I won't be mentioning it on this list again unless the discussion is
Murray S. Kucherawy ========================================= msk@...
Senior Software Engineer Sendmail, Inc. Emeryville, CA, USA
(510) 594-5400 http://www.sendmail.com