It is very easy to forge domain information in email.
Two simple cases:
* Forging the SMTP mail from address; and
* Inserting a false received line or resent-from header.
In essence this involves using someone else's domain without
Also, many who forge domain information apparently send
directly from an IP address to the recipient's mail server.
Shouldn't we have stronger checks to prevent these types of
One approach is to run a mail from check at the data stage using
the SPF record format and test protocol.
Another is to run an EHLO or HELO check using client SMTP
Keep in mind those engaged in email forgery (which for
sophisticated operators is a form of criminal fraud) will likely
adopt approaches to muddy and defeat authentication, so that
those engaged in fighting email forgery will need to use a range
of tools, recognizing that although one data set might be
corrupted, matching of data against a number of identifiers will
likely generate better results.
(I am basing these general comments on existing research and
studies carried out by others in the criminal forensics field.)
Amending the Sender-ID drafts to reflect using a number of
data sets is one option.
My personal recommendation is that a best current practices
document be published concurrently with any authentication
technologies recommended by this WG which would in essence
recommend receivers run PRA checks using Sender-ID:
Authenticating Email, mail from checks using the SPF record
format and test protocol and EHLO/HELO checks using client
It may also be appropriate to establish a steering group to
review and propose document updates on a regular basis, although
there may be other ad hoc groups which could include this process
within their mandate.
The FTC Calls For Sender Authentication
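The MAIL FROM check against the SPF record format and the EHLO/HELO check proposed in the message above, shown as an added Python example that is not part of the original post. It evaluates only the ip4, ip6, include and all mechanisms against a constructed, hypothetical table of TXT records (no live DNS is consulted, so a, mx, ptr and redirect are reported as errors), and every domain, address and function name below is an assumption made for illustration.

```python
import ipaddress

# Constructed, hypothetical SPF TXT records standing in for DNS (not real domains' data).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "mx.example.com": "v=spf1 ip4:192.0.2.25 -all",
    "broken.example": "v=spf1 include:missing.example -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(ip, domain, lookup=FAKE_DNS_TXT.get, depth=0):
    """Evaluate a minimal SPF subset (ip4, ip6, include, all) for `ip` against `domain`.

    Returns one of the SPF result strings: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:
        # Recursion limit on include chains, mirroring SPF's lookup limit.
        return "permerror"
    record = lookup(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    client = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qual]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if client.version == net.version and client in net:
                return QUALIFIERS[qual]
        elif name == "include":
            inner = check_spf(ip, arg, lookup, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qual]
            if inner in ("permerror", "temperror"):
                return inner
            if inner == "none":
                # An include whose target has no record is a permanent error.
                return "permerror"
            # fail/softfail/neutral inside an include: keep evaluating this record.
        else:
            # a, mx, ptr, exists, exp and redirect need live DNS; not modelled here.
            return "permerror"
    # No mechanism matched and no "all" term: SPF defaults to neutral.
    return "neutral"


def check_envelope(client_ip, helo_name, mail_from):
    """Run the two identity checks the post proposes: the EHLO/HELO name and the MAIL FROM domain.

    An empty MAIL FROM (bounce) falls back to the HELO identity, as SPF specifies.
    """
    helo_name = helo_name.lower()
    mail_from_domain = mail_from.rsplit("@", 1)[-1].lower() if mail_from else helo_name
    return {
        "helo": check_spf(client_ip, helo_name),
        "mail_from": check_spf(client_ip, mail_from_domain),
    }


if __name__ == "__main__":
    # Legitimate relay inside example.com's published range.
    print(check_envelope("192.0.2.25", "mx.example.com", "alice@example.com"))
    # Session claiming example.com identities from an address the records do not list.
    print(check_envelope("203.0.113.7", "mx.example.com", "bob@example.com"))
```

Because both checks run against the same connecting IP, a receiver can require that the two results agree before trusting either identity, which is the "match against a number of identifiers" point made in the post.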