Title: RE: [Full-Disclosure] Improving E-mail security...

Sounds interesting, though sending and receiving relays aren't always the same.

--E

-----Original Message-----
From: Bengt Ruusunen [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 26, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Improving E-mail security...


Hello,

As everybody knows, recent viruses spread by sending mail with a spoofed
'sender address'.

For example:

I am a person '[EMAIL PROTECTED]' and got a so-called 'return mail' from
'[EMAIL PROTECTED]' telling me that mail sent by me (which I
never sent in the first place) cannot be delivered, obviously containing
some kind of malware as an attachment.

This kind of 'spread method' could easily be stopped if the mail servers
included some kind of fingerprint in the passing e-mail.

If the return mail (the receiving mail server checks this against a private
key or something) does not contain a fingerprint, then the returned mail
should not be delivered 'back to the sender'.

Rather clever way to counterfeit the sender address; it might double the
infection if the bounce to the 'sender' leads to infection.

Now, what this kind of 'hardening' might need is...

- The e-mail receiving server could check the 'very first original' From:
line and whether it is the same as the receiver address, i.e. '[EMAIL PROTECTED]'

Perform a check to see if the 'sender identification', i.e. a salted public
key, GUID or something (X-Authenticated-Guid: #0a845d299ca340087140), exists
in the mail header.

Delivery should be done only if a 'sender identification' exists and the key
matches.

Otherwise the mail should be trashed to /dev/null :)

Waiting for comments and suggestions...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


------------------------
This message is part of a discussion named:
Full-Disclosure
and can be found at:
http://mindshare.intraspect.com/gm/message-1.24.1466530
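
The bounce check proposed in the original message, as an added example that is not part of the thread or any participant's code. It assumes the "fingerprint" is an HMAC-SHA256 over the sender address and Message-ID under a site secret, and that the bounce returns the original headers; `SERVER_KEY`, the function names and the sample messages are constructed for illustration, and only the `X-Authenticated-Guid` header name comes from the post.

```python
import hashlib
import hmac
from email import message_from_string

HEADER = "X-Authenticated-Guid"          # header name taken from the post
SERVER_KEY = b"constructed-demo-secret"  # assumption: secret known only to the site's relays


def make_tag(sender: str, message_id: str, key: bytes = SERVER_KEY) -> str:
    """Tag binding the sender address to one Message-ID (HMAC is an assumption)."""
    data = f"{sender.lower()}\n{message_id}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:20]


def stamp_outgoing(raw: str, key: bytes = SERVER_KEY) -> str:
    """Outbound relay: add the tag header before the message leaves the site."""
    msg = message_from_string(raw)
    del msg[HEADER]  # never trust a tag supplied by the client
    msg[HEADER] = make_tag(msg["From"], msg["Message-ID"], key)
    return msg.as_string()


def accept_bounce(returned_headers: str, recipient: str, key: bytes = SERVER_KEY) -> bool:
    """Inbound relay: deliver a bounce only if the returned original carries our tag."""
    orig = message_from_string(returned_headers)
    tag, sender, mid = orig[HEADER], orig["From"], orig["Message-ID"]
    if not (tag and sender and mid):
        return False                      # no fingerprint: not sent through us
    if sender.lower() != recipient.lower():
        return False                      # bounce is for a different sender
    return hmac.compare_digest(tag, make_tag(sender, mid, key))


# Constructed sample messages (addresses use reserved example domains).
GENUINE = stamp_outgoing(
    "From: alice@example.org\nTo: bob@example.net\n"
    "Message-ID: <1@example.org>\nSubject: hi\n\nhello\n"
)
SPOOFED = (
    "From: alice@example.org\nTo: carol@example.net\n"
    "Message-ID: <virus@infected.example>\nSubject: details\n\n"
)
FORGED_TAG = SPOOFED.replace("Subject:", f"{HEADER}: 0a845d299ca340087140\nSubject:")

if __name__ == "__main__":
    for name, m in [("genuine", GENUINE), ("spoofed", SPOOFED), ("forged tag", FORGED_TAG)]:
        print(name, accept_bounce(m, "alice@example.org"))
```

As the reply notes, sending and receiving relays are not always the same, so in this sketch every relay that stamps or checks mail for the domain would need the same key.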