ietf-asrg

RE: [Asrg] Several Observations and a solution that addresses them all

2003-03-11 10:09:46
PSEUDO CODE:
user=left_of('@', email_addr)
domain=right_of('@', email_addr)
server=find_mx(domain)
socket=open(server, some_std_port)
write(socket, "VALIDATE user\n")
read(socket, response)
if (find(response, "USER UNKNOWN"))
   valid=false;
else
   valid=true;

DONE

You can't EVER use headers because they are forgeable. You have to go right
to the source.
Incidentally, the other server's code is like:

bind()
while (con=accept()) {
        read(req)
        result=dispatch(req, con)
        write(result)
}

Dispatch is the heart of it all. It will pass on the request to sub mail
servers if it cannot be determined on this one. It also makes sure that the
connection comes from a recently sent-to domain to keep spammers from
asking for validations of email addrs out of the blue.


-----Original Message-----
From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu [mailto:Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu]
Sent: Tuesday, March 11, 2003 11:48 AM
To: Jason Hihn
Cc: ASRG
Subject: Re: [Asrg] Several Observations and a solution that addresses them all


On Tue, 11 Mar 2003 09:35:41 EST, Jason Hihn said:

> Validating a from address is trivial.

OK. It's trivial?  Validate the From address on this mail.  Explain in
detail what you did, and what steps you took to make sure that the
data you used wasn't faked. Sure - those Received: headers *LOOK* like
they're correct, but *are* they?

Now repeat your analysis, but this time for the following headers:

Received: from gwyn.tux.org (gwyn.tux.org [207.96.122.8])  by
steiner.cc.vt.edu (Mirapoint Messaging Server MOS 3.1.0.54-GA)
with ESMTP id ALY11182; Mon, 12 Aug 2002 12:57:12 -0400 (EDT)
Received: from gwyn.tux.org (localhost.localdomain [127.0.0.1])
by gwyn.tux.org (8.9.3/8.9.1) with ESMTP id MAA04906; Mon,  12
Aug 2002 12:55:01 -0400
Received: (from turnbull(_at_)localhost) by gwyn.tux.org (8.9.3/8.9.1)
 id MAA04868 for xemacs-design-mailman(_at_)xemacs(_dot_)org; Mon,  12 Aug
2002 12:54:38 -0400
Received: (from mail(_at_)localhost) by gwyn.tux.org (8.9.3/8.9.1)  id
MAA04864 for turnbull(_at_)tux(_dot_)org; Mon, 12 Aug 2002 12:54:38 -0400
Received: from turing-police.cc.vt.edu (natted.Sendmail.COM
[63.211.143.38])  by gwyn.tux.org (8.9.3/8.9.1) with ESMTP id
MAA04854; Mon,  12 Aug 2002 12:54:30 -0400
Received: from turing-police.cc.vt.edu ([127.0.0.1]) by
turing-police.cc.vt.edu  (8.12.5/8.12.5) with ESMTP id
g79D8j58001879; Fri, 09 Aug 2002 09:08:45 -0400
X-URL: http://black-ice.cc.vt.edu/~valdis/
Date: Fri, 09 Aug 2002 09:08:45 -0400
From: Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu
Subject: Re: TeXinfo 4.2 - We *SHOULD* Be Using It.
In-reply-to: "Your message of Fri, 09 Aug 2002 12:31:16 +0900."
<87k7n0r9mj(_dot_)fsf(_at_)tleepslib(_dot_)sk(_dot_)tsukuba(_dot_)ac(_dot_)jp>
Sender: xemacs-design-admin(_at_)xemacs(_dot_)org
To: "Stephen J. Turnbull" <stephen(_at_)xemacs(_dot_)org>
Cc: XEmacs Design <xemacs-design(_at_)xemacs(_dot_)org>
Errors-to: xemacs-design-admin(_at_)xemacs(_dot_)org
Message-id: 
<200208091308(_dot_)g79D8j58001879(_at_)turing-police(_dot_)cc(_dot_)vt(_dot_)edu>
MIME-version: 1.0
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4+dev
Content-type: multipart/signed; boundary="==_Exmh_-1612254088P";
micalg=pgp-sha1; protocol="application/pgp-signature"
Content-transfer-encoding: 7bit
Precedence: bulk
X-Face-Viewer: See ftp://cs.indiana.edu/pub/faces/index.html to
decode picture
X-Face:
34C9$Ewd2zeX+\!i1BA\j{ex+$/V'JBG#;3_noWWYPa"|,I#`R"{n(_at_)w>#:{)FXyiAS
7(8t(
^*w5O*!8O9YTe[r{e%7(yVRb|qxsRYw`7J!`AM}m_SHaj}f8eb(_at_)d^L>BrX7iO[<!v4
-0bVIpaxF#-)
%9#a9h6JXI|T|8o6t\V?kGl]Q!1V]GtNliUtz:3},0"hkPeBuu%E,j(:\iOX-P,t7lRR#
X-XEmacs-List: design
X-BeenThere: xemacs-design(_at_)xemacs(_dot_)org
X-Mailman-Version: 2.0.1
List-Help: <mailto:xemacs-design-request(_at_)xemacs(_dot_)org?subject=help>
List-Post: <mailto:xemacs-design(_at_)xemacs(_dot_)org>
List-Subscribe:
<http://lists.xemacs.org/lists/listinfo/xemacs-design>,
<mailto:xemacs-design-request(_at_)xemacs(_dot_)org?subject=subscribe>
List-Id: Discussion of design and features for XEmacs.
<xemacs-design.xemacs.org>
List-Unsubscribe: <http://lists.xemacs.org/lists/listinfo/xemacs-design>,
<mailto:xemacs-design-request(_at_)xemacs(_dot_)org?subject=unsubscribe>
References: 
<microsoft-free(_dot_)x4k7n5m0l7(_dot_)fsf(_at_)eicq(_dot_)dnsalias(_dot_)org>
<200208052308(_dot_)g75N8XPl023203(_at_)turing-police(_dot_)cc(_dot_)vt(_dot_)edu>
<1028833151(_dot_)14162(_dot_)526(_dot_)camel(_at_)bobcat(_dot_)ods(_dot_)org>
<87k7n0r9mj(_dot_)fsf(_at_)tleepslib(_dot_)sk(_dot_)tsukuba(_dot_)ac(_dot_)jp>

How validated are you feeling now?  Incidentally, your validator *should*
have validated the above headers, as that's the looped-back headers from
an item I actually posted while travelling...

/Valdis

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
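
An added example, not part of either poster's message: the sketch below parses four of the Received: lines quoted above and applies the consistency checks a header-based validator might use (HELO name versus reverse-DNS name, loopback hops, transit delay). The check names and the 24-hour threshold are assumptions made for illustration; the header values are the ones on this page.

```python
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Four "Received: from ..." lines quoted in the message above, unfolded,
# newest hop first. The two local "(from user@localhost)" hops are left out.
RECEIVED = [
    "from gwyn.tux.org (gwyn.tux.org [207.96.122.8]) by steiner.cc.vt.edu "
    "(Mirapoint Messaging Server MOS 3.1.0.54-GA) with ESMTP id ALY11182; "
    "Mon, 12 Aug 2002 12:57:12 -0400 (EDT)",
    "from gwyn.tux.org (localhost.localdomain [127.0.0.1]) by gwyn.tux.org "
    "(8.9.3/8.9.1) with ESMTP id MAA04906; Mon, 12 Aug 2002 12:55:01 -0400",
    "from turing-police.cc.vt.edu (natted.Sendmail.COM [63.211.143.38]) by "
    "gwyn.tux.org (8.9.3/8.9.1) with ESMTP id MAA04854; "
    "Mon, 12 Aug 2002 12:54:30 -0400",
    "from turing-police.cc.vt.edu ([127.0.0.1]) by turing-police.cc.vt.edu "
    "(8.12.5/8.12.5) with ESMTP id g79D8j58001879; "
    "Fri, 09 Aug 2002 09:08:45 -0400",
]

HOP = re.compile(r"from (?P<helo>\S+) \((?:(?P<rdns>[^\s\[\]]+) )?"
                 r"\[(?P<ip>[\d.]+)\]\)\s+by (?P<by>\S+)")
MAX_TRANSIT = timedelta(hours=24)  # assumed threshold for a "suspicious" delay

def parse_hop(line):
    """Split one Received: value into HELO name, reverse-DNS name, IP, time."""
    hop = HOP.search(line).groupdict()
    stamp = re.sub(r"\s*\([^)]*\)\s*$", "", line.rsplit(";", 1)[1])  # drop "(EDT)"
    hop["when"] = parsedate_to_datetime(stamp.strip())
    return hop

def findings(lines):
    """Return (hop_index, reason) for every hop a naive checker would flag."""
    hops, out = [parse_hop(l) for l in lines], []
    for i, h in enumerate(hops):
        if h["ip"].startswith("127."):
            out.append((i, "loopback"))       # reveals nothing about the origin
        elif h["rdns"] and h["rdns"].lower() != h["helo"].lower():
            out.append((i, "helo_mismatch"))  # claimed name != name the IP resolves to
        if i + 1 < len(hops) and h["when"] - hops[i + 1]["when"] > MAX_TRANSIT:
            out.append((i, "delay"))          # message sat for days before this hop
    return out

if __name__ == "__main__":
    for idx, reason in findings(RECEIVED):
        print(f"hop {idx}: {reason}")
```

The message was genuine, yet hop 2 trips both the name-mismatch and the delay check, while only hop 0 was written by the recipient's own server; every line below it is text supplied by whoever handed the message over.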


