README - metacpan.org

Mail/Address/Tagged version 0.01
================================

This module is based on an application written in Python, details of
that application are available here http://sourceforge.net/projects/tmda/

This module implements objects that generate and validate tagged email
addresses.  These are intended primarily for anti-spam applications.
The module assumes that for a given user (user@domain.net) addresses
of the form userTAG@domain.net will be delivered to the user (for all
values of TAG).  qmail and courier are both capable of this kind fof
delivery.

The address generated contains extra information, e.g. the date when
it will expire, who may use it to send you mail etc.  A cryptocraphic
hash of this extra information is also included in in the address.
This Hashed Message Authenticaion Code (HMAC RFC 2104) is your
guarantee that the information contained in the address has not been
tampered with.

This module can deal with three different types of tagged address.
They are all extensions of a users normal email address and are
constructed in a similar manner.  Where the normal address is
user@host.com, the tagged address takes the form
user-tagtype-tag@host.com.

The three supported address types are confirm, dated and sender.

Confirm addresses must contain a time (in unixtime) and the process id
of the process that generated them, they may also optionally contain a
keyword.  They include the process id so that the system can deal with
more than one message a second.  Addresses of this type are used to
request verification that a message should be delivered.  Your mail
filter sends a mail to the person you just received mail from asking
them to reply to the confirm address.  If they reply within a given
period of time then their mail is delivered as normal.  The point
being that automated mailers are unlikely to be able to respond in
this way so spam will not get through.  If a persistant spammer does
reach your mailbox, then you can always black list the address they
are using.  The keyword when it is supplied is the type of
confirmation being asked for.  All three bits of information are
combined and a cryptographic hash is taken of the result, these bits
of info are then combined like this.

  user-confirm-keyword.time.pid.HMAC@host.com

When mail like this is received, the bits can be separated out and a
new HMAC generated, if it matches the one in the address, then this is
a valid address.

Dated addresses have an expiry time and are used to accept mail up to
a given time.  They end up in the format

  user-dated-time.HMAC@host.com

The third type of supported address is sender, this takes the form

  user-sender-HMAC@host.com

The HMAC here contains a hashed copy of an email address.  When mail
of this form comes in, the sending address can be checked against the
HMAC if they don't match then appropriate action can be taken
(disposal or confirmation request etc.).

INSTALLATION

To install this module type the following:

   perl Makefile.PL
   make
   make test
   make install

DEPENDENCIES

Test::More
Digest::HMAC
Digest::SHA1

COPYRIGHT AND LICENCE

This program may be distributed under the same conditions as perl.

Copyright (C) 2001 Andrew Wilson

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)