In article <CAAQnKjA050BzU4jG-DgMP7Z30fk+jVBWe0mTjX1ipJFHnv=w...@mail.gmail.com> you write: >Missing the point there. It has nothing to do with knowing the To: >address for a given recipient. If the VERP string fields are just >simple numeric identifiers, a bad actor could send ones with >incremented or otherwise changed numbers to make the bounce handling >system log bounces to the wrong recipient address. They could falsify >bounces for recipients without knowing those recipients' email >addresses.
This still strikes me as what's known as a movie plot threat. Yeah, hypothetically someone could do it, but compared to other threats it seems way down on the list to worry about. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
