On Sat, Feb 17, 2018 at 12:43 PM, John Levine <jo...@taugh.com> wrote:
> In article
> <caaqnkjcbexdxv0kf4tkrmum8gq-ohhltjzg8pn1b1behryi...@mail.gmail.com> you
> write:
>>I am saying that I think it's unwise to put what amounts to
>>subscriber-level PII or basically clear identifiers in the Return
>>Path/MFROM, if mail back to that address is interpreted as an
>>indication that an action should be taken (like logging a bounce and
>>potentially stopping future mail to that recipient). It's an open slot
>>where an external actor could insert something to cause actions beyond
>>the expected ones. That counts as a security concern in my book.
>
> Given that pretty much every message from an ESP has the recipient's
> address on the To: line of the message, I'd put that particular risk
> on the last page of my book. If you want to fake a bounce from someone
> you certainly don't need VERP to do it.

Missing the point there. It has nothing to do with knowing the To:
address for a given recipient. If the VERP string fields are just
simple numeric identifiers, a bad actor could send ones with
incremented or otherwise changed numbers to make the bounce handling
system log bounces to the wrong recipient address. They could falsify
bounces for recipients without knowing those recipients' email
addresses.

-- 
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
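
The concern raised in the reply above, shown from the bounce handler's side as an added example that is not part of the original message or any ESP's code: a plain numeric VERP local part is accepted with whatever numbers it carries, while one bound to a keyed HMAC tag is rejected once an identifier is changed. The address layout, bounce domain, key and tag length are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration; none of these come from the thread.
BOUNCE_DOMAIN = "bounce.example.com"
SECRET_KEY = b"constructed-demo-key"
TAG_LEN = 16  # hex chars kept from the HMAC-SHA256 tag (assumed length)


def naive_return_path(campaign_id: int, subscriber_id: int) -> str:
    """Plain numeric VERP: the form the reply warns about."""
    return f"bounce-{campaign_id}-{subscriber_id}@{BOUNCE_DOMAIN}"


def parse_naive(address: str):
    """Trusts whatever numbers appear in the local part."""
    _, campaign_id, subscriber_id = address.split("@", 1)[0].split("-")
    return int(campaign_id), int(subscriber_id)


def _tag(campaign_id: int, subscriber_id: int) -> str:
    msg = f"{campaign_id}.{subscriber_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:TAG_LEN]


def signed_return_path(campaign_id: int, subscriber_id: int) -> str:
    """Same identifiers, plus a keyed tag bound to both of them."""
    tag = _tag(campaign_id, subscriber_id)
    return f"bounce-{campaign_id}-{subscriber_id}-{tag}@{BOUNCE_DOMAIN}"


def parse_signed(address: str):
    """Return (campaign_id, subscriber_id), or None if the tag fails."""
    local, _, domain = address.lower().partition("@")
    parts = local.split("-")
    if domain != BOUNCE_DOMAIN or len(parts) != 4 or parts[0] != "bounce":
        return None
    if not all(p.isascii() and p.isdigit() for p in parts[1:3]):
        return None
    if not parts[3].isascii():
        return None
    ids = (int(parts[1]), int(parts[2]))
    # Constant-time comparison; a changed or guessed ID yields a different tag.
    if not hmac.compare_digest(_tag(*ids), parts[3]):
        return None
    return ids
```

The tag only stops identifiers from being guessed or altered; a return path that someone has actually received still verifies, so the handler's other checks on the bounce itself remain necessary.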