> -----Original Message-----
> From: Gordon Messmer
> Sent: Tuesday, January 06, 2004 10:19 AM
> To: Courier Users
>
> Sam Varshavchik wrote:
> > Gordon Messmer writes:
> >
> >> Acknowledging that my opinion isn't worth much, this seems stupid.
> >> As described, the solution would require all of the work that SPF
> >> does (http://spf.pobox.com/), plus additional computation. What's
> >> the additional check get you?
> >
> > Forwarding will now work.
>
> Malcolm tried to impress upon me the same thing. The description on
> cnn.com is not very technical. Who has the private keys? How does
> forwarding work?

It really isn't that complicated: as each message is injected into the "public" internet by an SMTP server, that message is signed with a private key controlled by whoever owns the injecting domain. From that point on, anyone can query the DNS for that domain and get a public key; if the public key doesn't "unlock" the message, it *is* forged, and can be immediately dropped.

SPF can only suggest that it might be forged, and use that information to feed into subsequent filters; Yahoo's scheme is authoritative. Further, using SPF, every stage (relaying or forwarding) must provide SPF sender verification, otherwise there is no benefit. Using Yahoo's crypto scheme, you can copy the message onto a floppy disk and hand-carry it around, and at the other end you can still authenticate the message.

The issues that seem to me to still need clarification/definition are these: if my return address is not in the same domain as the "injecting" server, a specific header would be useful to encapsulate that, plus (idealistically) the authenticated sender's name (or the lack thereof). The recipient could then do the following:

* If the public key of the sender's domain validates the message, the message is authentic and should be delivered.

* If that key *doesn't* work, but that of a listed "injecting" host does, then you have a relay or third-party sender -- but you definitively *know* that, and can make decisions before attempting delivery (e.g. check the injecting host to see if it's listed in a blacklist).

* If the sender's domain and the injecting host have public keys, and the message doesn't have a signature, then the message is a forgery and can be dropped without further effort.

* If the sender's domain has a key but there is no indication of an injecting host nor a signature, then the injecting host may not understand the new scheme, OR the message may be a forgery. However, it is likely that it will be possible to determine (via "Received-From" lines) if there was a separate injecting host, and if not, simply drop the message.

Of course, the alternative is to insist that if you want to send a message with a sender address in a given domain, you must use that domain's server. With authenticated MTAs, that isn't too onerous, but it will impact some folk (particularly mass marketers... Dearie dearie me!)

In the particular case of Yahoo (and clearly this colors their thinking) they can pretty much unilaterally decree that "if you use a @yahoo.com address and you want the message to have a valid signature, you must send using Yahoo's servers". This may sound draconian, but it *is* Yahoo's staff who deals with complaints about forged messages allegedly showing a Yahoo return address (and, given I know the person who has an address similar to "jane at yahoo.com", the amount of forged spam with that address is astonishing. Luckily, she used to head Yahoo's eMail customer service team...)

Malc.
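The signing step and the four-way recipient decision Malc lists above, as an added example that is not part of this thread or of Courier. It assumes Ed25519 in place of the RSA keys Yahoo's proposal used, a Go map in place of the DNS lookup, and a made-up "injecting domain" field standing in for the header Malc proposes; the domain names and message bodies are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Verdict string // one per case in the list above
const Authentic, ThirdParty, Forgery, Unclear Verdict = "authentic", "third-party", "forgery", "unclear"
type Message struct {
	SenderDomain, InjectingDomain string // InjectingDomain: the header the mail proposes (assumed); "" if absent
	Body, Signature               []byte // nil Signature: the message is unsigned
}
type DNS map[string]ed25519.PublicKey // stands in for the per-domain key lookup; Ed25519 stands in for RSA

// Judge applies the cases in order; a signature that verifies under neither key counts as none.
func (d DNS) Judge(m Message) Verdict {
	validates := func(dom string) bool { // does dom's published key "unlock" the signature?
		pub, ok := d[dom]
		return ok && m.Signature != nil && ed25519.Verify(pub, m.Body, m.Signature)
	}
	_, senderKey := d[m.SenderDomain]
	_, injectorKey := d[m.InjectingDomain] // false when no injecting host is named
	switch {
	case validates(m.SenderDomain):
		return Authentic
	case validates(m.InjectingDomain):
		return ThirdParty
	case senderKey && injectorKey:
		return Forgery
	}
	return Unclear
}

// Demo signs constructed messages as an injecting server would and returns one verdict per case.
func Demo() []Verdict {
	dns, keys := DNS{}, map[string]ed25519.PrivateKey{}
	for _, dom := range []string{"yahoo.com", "relay.example"} { // constructed names
		dns[dom], keys[dom], _ = ed25519.GenerateKey(rand.Reader)
	}
	body := []byte("constructed sample body")
	direct := Message{SenderDomain: "yahoo.com", Body: body}
	direct.Signature = ed25519.Sign(keys["yahoo.com"], body) // signed by the sender's own domain
	relayed := Message{SenderDomain: "yahoo.com", InjectingDomain: "relay.example", Body: body}
	relayed.Signature = ed25519.Sign(keys["relay.example"], body) // signed by a third-party injector
	unsigned := Message{SenderDomain: "yahoo.com", InjectingDomain: "relay.example", Body: body} // both keyed, no signature
	noHost := Message{SenderDomain: "yahoo.com", Body: body} // unsigned, no injecting-host header
	return []Verdict{dns.Judge(direct), dns.Judge(relayed), dns.Judge(unsigned), dns.Judge(noHost)}
}
func main() { fmt.Println(Demo()) }
```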
