ietf-asrg

Re: [Asrg] RMX and MUAs

2003-05-07 01:27:04
On Tue, May 06, 2003 at 10:26:28PM -0700, Daniel Erat wrote:

> If RMX use becomes widespread, spammers will likely avoid rejections
> by adding RMX records for their own domains, using empty MAIL FROM
> addresses, and using forged MAIL FROM addresses belonging to domains
> that have not added RMX records.  I see nothing to prevent spammers
> from continuing to use forged RFC 822 From: addresses, though.


This is indeed an important point (which I addressed in my draft).

The empty envelope sender address is a severe problem which 
could be abused by spammers, no doubt. This is broken by design
and not easy to fix. However, these mails are limited to a certain
class of error messages. There are other ways to cope with it,
e.g. could they be required to have a reply-to header to a 
message-id of a former message recently delivered. Or need to 
have a subject of an error message. But I do agree that this 
empty sender address is a design flaw (of SMTP).

Another problem is that MUAs do display the From: address only.
This is not a severe problem, since the RMX does not require
user interaction. RMX works without needing the MUA to display
the envelope sender address.

There are two reasons why my draft didn't cover the From: address:

- The receiving MTA simply doesn't know it before receiving the
  full message body. RMX was designed to be effective in a very
  early state of message transmission, i.e. after MAIL FROM.

- The semantics of the From: header line are not very clear, especially
  in the context of forwarding, mailing lists and "message bouncing".

  Take this particular message you are reading right now (you
  get it twice, take the version that came from the mailing list processor).
  It comes from the ASRG mailing list, so it has an envelope sender
  address from ietf.org. That's what is used to be verified by RMX.

  But the From: header line says hadmut(_at_)danisch(_dot_)de, because that's
  the message's content. The sender of the message is ietf.org, and
  it says the author of the body is hadmut(_at_)danisch(_dot_)de.

  It is this subtle difference in semantics that makes it difficult
  to use the From: header line for authentication.

  If you want to have transfer authenticity, you need to use
  the transfer address (e.g. RMX).

  If you want to have content related authenticity, you need to 
  use the body address (e.g. with PGP or S/MIME). This does provide
  a very high level of security, but it is unrealistic to believe
  that we could get this deployed world wide.


Hadmut




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
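
The distinction drawn in the message above, between the envelope sender that can be checked right after MAIL FROM and the From: header that is only seen after DATA, as an added example that is not part of the original post. The AUTHORIZED table is a constructed stand-in for per-domain RMX data (the real record syntax is not reproduced), and all domains, addresses and function names are made up for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for per-domain sender authorization data; the real
# RMX record syntax is not reproduced here.
AUTHORIZED = {"ietf.example": ["192.0.2.0/28"]}

def check_envelope(mail_from, client_ip):
    """Decision available right after MAIL FROM, before any header is seen."""
    addr = mail_from.strip().strip("<>")
    if addr == "":
        return "unverifiable-null-sender"   # error message sent with MAIL FROM:<>
    domain = addr.rsplit("@", 1)[-1].lower()
    nets = AUTHORIZED.get(domain)
    if nets is None:
        return "unverifiable-no-record"     # domain has published nothing
    ip = ipaddress.ip_address(client_ip)
    ok = any(ip in ipaddress.ip_network(n) for n in nets)
    return "pass" if ok else "reject"

def author_domain(raw_message):
    """From: header domain, known only after DATA; it names the body's author."""
    msg = message_from_string(raw_message)
    return parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()

# Constructed list message: the envelope sender is the list host,
# while From: still names the person who wrote the body.
LIST_MAIL = (
    "From: Author <author@author.example>\n"
    "Subject: Re: [Asrg] RMX and MUAs\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(check_envelope("<asrg-bounces@ietf.example>", "192.0.2.5"))
    print(check_envelope("<asrg-bounces@ietf.example>", "198.51.100.9"))
    print(check_envelope("<>", "198.51.100.9"))
    print(check_envelope("<x@norecord.example>", "198.51.100.9"))
    print(author_domain(LIST_MAIL))
```
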


