David Brodbeck wrote:
As for rejecting invalid bounces, some people have been experimenting with adding a short crypto hash to the envelope sender address of each message. If a bounce comes in and the hash is wrong, it has to be invalid, so it's rejected. Google for 'signed envelope sender' for more info. This is an interesting idea because it doesn't require anyone else to do anything -- you can implement it on your own domain and see immediate benefits.
TMDA (http://www.tmda.net/) is a system that'll allow you to do this.Yes, whilst TMDA is a challenge-response system which some won't like, you can (trivially) configure it not to ever challenge, and use it for other means, such as validating crypto-style envelope senders.
-- Stephen Warren, Software Engineer, Parama Networks, San Jose, CA swarren@xxxxxxxxxxxxx http://www.wwwdotorg.org/