Current situation of my organisation: 3 mx servers (of which one is accualy at our location) 12 smtp-relay servers on completely different netblocks.
In your opinion, there should be 12 public keys stored for just our 1 domain? not to mention 3 public keys for our 3 mxs. Our situation is not uncommon, most organisations don't have just one office network. Besides the fact that someone has to store the keys on a central server, which can: 1) be hacked, which has the effect that mail cannot be send 2) be exploited by the 3th party trustee to make a lot of money (you want you mail to be send?) 3) be DDos'ed by kiddies to prevent all mail from being send. > - E-mail receiving server could check that 'very first original' From: line > and if it is same than the receiver address ie. '[EMAIL PROTECTED]' > > Perform an check to see if the 'sender identification' ie. salted public > key, GUID or something (X-Authenticated-Guid: #0a845d299ca340087140) exists > in mail header. Without a challenge system, I can simply copy the Guid from any mail. > > Delivery should be done only if an 'sender identification' exist and the key > > matches. > > Otherwise mail should be trashed to dev/null :) > > Waiting for comments and succestions... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
