Posterous style email verification


Problem description

I was thinking about creating a service similar to posterous where users can post to a fixed address like post@domain.com and then authentication of the posts would be based on some combination of the from address and header signature. Posterous seems to be doing something clever so that they can detect if a message is being spoofed or sent from an unknown source.

Anyone know what they might be doing?

Solution

There are some basic heuristics you could use, to try to detect it.

The most basic thing would be to look at the originating host and headers of the previous emails and see if they match previous ones. If the poster's email domain uses SPF you can verify the IP address has permission to send on behalf of that domain. It's easy to spoof an email - it's harder to spoof an email and actually have it originate from a subnet that matches where your previous mail has come from. But that can be subverted, as well.

First off, the email you post to should be random and unrelated to any display name. This keeps random strangers on the net from knowing where to post in the first place.

You could also go far more sophisticated and implement some sorts of machine-learning-ish things (or even more straightforward heuristics) to pick up on style, but that would be much tougher to get right.

Or just be lame, and upon receipt of a post, fire back an email to the poster with a link to verify and/or a special token to send back as a subject (if they're posting from a phone, etc. with no browser).
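The answer's last suggestion (mail the poster a token to send back in the subject), combined with its random posting address, as an added example that is not part of the original answer. The function names, token format, in-memory `PENDING` store and one-day expiry are all assumptions made for illustration.

```python
import hashlib, hmac, re, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the service
TOKEN_TTL = 24 * 3600                 # assumption: confirmations expire after a day
PENDING = {}                          # post_id -> (claimed_sender, body), held until confirmed
TOKEN_RE = re.compile(r"\b([0-9a-f]{16})-([0-9]{1,12})-([0-9a-f]{32})\b")

def new_posting_address(domain="domain.com"):
    """Random posting address, unrelated to any display name."""
    return f"post-{secrets.token_hex(8)}@{domain}"

def _mac(post_id, sender, expires):
    # Bind the token to one held post, one claimed sender and one expiry time.
    msg = f"{post_id}\n{sender.lower()}\n{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:32]

def hold_post(sender, body, now=None):
    """Queue an unverified post; return the token to mail to `sender`."""
    now = int(time.time() if now is None else now)
    post_id = secrets.token_hex(8)
    expires = now + TOKEN_TTL
    PENDING[post_id] = (sender, body)
    return f"{post_id}-{expires}-{_mac(post_id, sender, expires)}"

def confirm_from_subject(subject, now=None):
    """Return (sender, body) if the reply subject carries a valid, unexpired token."""
    now = int(time.time() if now is None else now)
    m = TOKEN_RE.search(subject.lower())   # mail clients may prepend "Re:" or change case
    if not m or m.group(1) not in PENDING:
        return None
    post_id, expires, mac = m.group(1), int(m.group(2)), m.group(3)
    sender, body = PENDING[post_id]
    if expires < now or not hmac.compare_digest(mac, _mac(post_id, sender, expires)):
        return None
    del PENDING[post_id]                   # single use: a replayed token finds nothing
    return sender, body
```

The token is delivered only to the claimed sender's mailbox, so a message with a forged From header never sees it and the held post is never published.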
