ietf-asrg

[Asrg] All mail is anonymous (and, therein lies much of the problem)

2003-03-05 11:58:32
    Sometimes, the words we use to discuss a problem can have a big
impact on the way we think about solving it. 
        Often, it is observed that the "From" and other headers in mail
messages can be easily forged. What this technical fact means, when
translated into "Plain Speak," is that:

    All mail is anonymous...

    Since the headers are easily forged, this means that you can't
"trust" anything said in the "From" header. Thus, even when someone
sends an unforged From header, it provides essentially no useful
information on its own. The best you can do with a "From" header on its
own is "white-list" or "black-list" it. For instance, you may regularly
communicate with someone named "Tom Jones" and you may know that you
have not yet received spam from anyone forging the name "Tom Jones."
Knowing this, you might have a policy of opening mail that comes from
"Tom Jones." However, what you're doing here, at best, is playing the
odds and relying on experience with the mail system rather than relying
only on the message received. The "information" you get from the header
isn't so much that it came from Tom Jones, but rather that the From
field is not one that you have seen come from a spammer.
    The situation is much the same with postal mail. With postal mail,
the only identification you have of a sender is what may appear on the
envelope. However, as we learned well during the anthrax scare of last
year, the 'return address' is essentially "information free" in that it
contains no trustworthy information. Some might suggest that you can
compare the return address to the cancellation on the stamp (such
cancellations often identify the post office from which the mail was
sent); however, a policy of always refusing mail whose return address
didn't match the cancellation would not be a good one. Much mail comes
without a cancellation (for instance, commercial mail) and often,
someone will post a letter from a post office not local to the return
address.
        There are, of course, some mail systems that do provide
"trusted" From fields and headers. For instance, systems which rely on
S/MIME or other PKI solutions. I know of no systems for sending postal
mail with a verifiable return address. 
        This business of "anonymous" FROM fields was one of the reasons
why some folk objected to the conversion to SMTP back in the 80's. For
instance, those of us using VMSmail or other Digital email systems
(ALL-IN-1, etc.) had learned the hard way that FROM fields could be
easily forged. This is why our mail systems included both a "FROM" and a
"SENDER" field. The FROM field was provided by the author of the mail
(or their client software) and was easily forged while the "SENDER"
field was inserted by the mail server and identified the account that
had been used to originate the email. The same approach was incorporated
into X.400 mail, the ISO standard. While mail servers could still, of
course, forge their entries, some level of increased trust results in
such systems since there are simply fewer servers in the world and thus
fewer potential message sources that need to be trusted. 
        I believe that an important part of a comprehensive solution to
the spam problem will be to provide effective and efficient methods for
sending messages that are not anonymous. There are many known methods
for doing this. All have positive and negative points. But, one of the
known methods, or one that is yet to be described, will need to be chosen
before we have a comprehensive solution to the spam problem. 

                bob wyman


