JCL> BoxA is compromised.
JCL>
JCL> The zombie code sucks in a spamming engine (SE).
JCL>
JCL> The SE determines the mail configuration of BoxA in terms of
JCL> appropriate SMTP envelope etc from the registry.
JCL>
JCL> BoxA spams away using the stolen credentials from its registry.
J.C.,
Thank you--you've raised a reasonable, cogent objection.
As you note, RMX would not help against this kind of attack, and frankly
neither would any other proposal I'm aware of. If I can trick your machine
into thinking I'm you, then I can do bad things in your name and thus make
you look bad.
But right now, with SMTP the way it is, I don't even have to break into your
machine to accomplish that. I can make you look bad with impunity just by
writing your name on the "From:" addresses of emails I send, and there's
nothing you can do about it, even if you are a good, careful sysadmin.
I submit that RMX gives a significant improvement, and it's just simple/easy
enough that people might start using it!
Mike
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg