Malcolm Weir <[EMAIL PROTECTED]> wrote:
> Gordon Messmer wrote:
> > Sam Varshavchik wrote:
> > > Forwarding will now work [with the Yahoo proposal, unlike with SPF].
> > 
> > Malcolm tried to impress upon me the same thing.  The
> > description on cnn.com is not very technical.  Who has the
> > private keys?  How does forwarding work?
> 
> It really isn't that complicated:

First, thanks for explaining the Yahoo proposal, or YASAF (Yahoo Anti Sender Address 
Forgery), as I'll call it.  That was the first explanation that included enough 
technical detail for me to be able to understand YASAF.

> As each message is injected into the "public" internet by a SMTP server,
> that message is signed with a private key controlled by whoever owns
> the injecting domain. 
> 
> From that point on, anyone can query the DNS for that domain and get a
> public key; if the public key doesn't "unlock" the message, it
> *is* forged,
> and can be immediately dropped.  SPF can only suggest that it might be
> forged, and use that information to feed into subsequent filters;
> Yahoo's scheme is authoritative.  Further, using SPF every stage
> (relaying or forwarding) must provide SPF sender verification otherwise
> there is no benefit.  Using Yahoo's crypto scheme, you can copy the
> message onto a floppy disk and hand carry it around and at the other
> end you can still authenticate the message. 

I don't see what SPF does NOT do (to prevent sender domain forgery) that IS being done 
by YASAF.

SPF, for a given domain, prevents rogue SMTP servers, that are unauthorized to send 
"from" that domain, from delivering mails to an SPF-protected server.  You as a domain 
owner can even authorize 3rd party servers (like your ISP's ones) to send mail "from" 
your domain.

The "you can carry a YASAF-protected mail on a floppy disk and still verify its sender 
domain's authenticity" argument is bogus.  Why would you actually want to perform the 
verification anytime *after* the mail has been received by your "side" in the first 
place?  For reliability's sake (from a legitimate sender's point of view), you'd want 
to reject invalid mails right in the SMTP dialog anyway instead of just dropping mails 
or even generating concrete bounce messages.  And even if there were a real reason to 
perform "late" verification, you could do the same with SPF.  Just check the 
delivering IP address in the appropriate "Received:" header (i.e. the oldest header you 
trust).

Why can SPF only "suggest" that a sender address is forged?  What's the difference 
from YASAF in this regard?

Further, the YASAF private keys can't be handed out to users for them to sign their 
messages themselves (and use whatever SMTP relay they want), or to other untrusted 3rd 
parties.  This means that users are required to use SMTP servers that have access to 
the private key, which will usually be the domain owner's trusted servers only.  This 
in turn means that YASAF prevents domain owners from authorizing (untrusted) 3rd party 
servers to send mail from their domain, while SPF does support this.

SPF's concept is most natural, as it basically represents the reverse of the DNS MX 
record type, plus it brings some extensions.  I don't see why this is not enough to 
effectively prevent sender address forgery.
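
The "late" SPF check described in the message above (find the oldest "Received:" header you trust, then test its delivering IP against the domain's policy), as an added example that is not part of the original message or of any SPF implementation. All hosts, addresses and the SPF record are constructed, only ip4 and all are evaluated, and the forwarded and forged samples show what the same check returns when a third party sits at the trust boundary.

```python
import email
import ipaddress
import re

# Constructed sample data: every host, address and policy below is illustrative.
OUR_RELAYS = {ipaddress.ip_address("10.0.0.5")}   # internal hops we operate
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
PEER_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")     # "[ip]" of the connecting peer

def sample(*received):                            # Received: values, newest first
    lines = [f"Received: {r}" for r in received]
    return "\n".join(lines + ["From: alice@sender.example", "", "hi", ""])

INTERNAL = "from mx.example.net (mx.example.net [10.0.0.5]) by store.example.net"
DIRECT = sample(INTERNAL,
    "from out.sender.example (out.sender.example [192.0.2.25]) by mx.example.net")
FORWARDED = sample(INTERNAL,
    "from fwd.alumni.example (fwd.alumni.example [203.0.113.50]) by mx.example.net",
    "from out.sender.example (out.sender.example [192.0.2.25]) by fwd.alumni.example")
FORGED = sample(INTERNAL,   # second header is sender-written and must be ignored
    "from bad.example (bad.example [203.0.113.66]) by mx.example.net",
    "from out.sender.example (out.sender.example [192.0.2.25]) by mx.example.net")

def boundary_ip(raw_message):
    """Peer IP in the oldest Received: header written by one of our own hosts.
    Assumes the newest header was added by the host running this check."""
    for header in email.message_from_string(raw_message).get_all("Received", []):
        match = PEER_RE.search(header)
        if match is None:
            return None
        peer = ipaddress.ip_address(match.group(1))
        if peer not in OUR_RELAYS:
            return peer       # headers below this one were written by outsiders
    return None

def spf_result(peer, record=SPF_RECORD):
    """Evaluate only the ip4 mechanisms and 'all' (no DNS, include, a or mx)."""
    if peer is None:
        return "unverifiable"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech == "all" or (mech.startswith("ip4:")
                and peer in ipaddress.ip_network(mech[4:], strict=False)):
            return RESULTS[qualifier]
    return "neutral"

def late_check(raw_message):
    return spf_result(boundary_ip(raw_message))
```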


