On Wed, May 07, 2003 at 10:12:05AM +0200, Hadmut Danisch wrote:
[snip]
Another problem is that MUAs do display the From: address only.
This is not a severe problem, since the RMX does not require user
interaction. RMX works without needing the MUA to display the
envelope sender address.
There are two reasons why my draft didn't cover the From: address:
- The receiving MTA simply doesn't know it before receiving the
full message body. RMX was designed to be effective in a very
early state of message transmission, i.e. after MAIL FROM
- The semantic of the From: header line is not very clear, especially
in context of forwarding, mailing lists and "message bouncing".
Take this particular message you are reading right now (you get it
twice, take the version that came from the mailing list processor)
It comes from the ASRG mailing list, so it has an envelope sender
address from ietf.org. That's what is used to be verified by RMX.
But the From: header line says hadmut(_at_)danisch(_dot_)de, because that's
the message's content. The sender of the message is ietf.org, and
it says the author of the body is hadmut(_at_)danisch(_dot_)de(_dot_)
It is this subtile difference in semantic that makes it difficult
to use the From: header line for authentication.
If you want to have transfer authenticity, you need to use
the transfer address (e.g. RMX)
If you want to have content related authenticity, you need to
use the body address (e.g. with PGP or S/MIME). This does provide
a very high level of security, but it is unrealistic to believe
that we could get this deployed world wide.
I understand why RMX is not able to examine RFC 822 headers. My point
was that RMX does nothing to curtail the sending of messages with
forged 822 From: addresses. Since this is the only sender address
that most users see, and the address that replies go to (in absence of
a Reply-To: or related header), I disagree with the assertion that
this is not a severe problem.
Even if it is conceded that widespread adoption of RMX will prevent
forged envelope MAIL FROM addresses of participating domains and that
this widespread adoption is feasible, it remains controversial that
RMX will cut down on the volume of spam being received (how will
blacklisting domains be more effective than the current method of
blacklisting ranges of IP addresses?). What's to keep spammers from
using their own RMX records or an envelope from address belonging to a
domain that hasn't implemented RMX, along with forged 822 From:
addresses, to acheive the same effect that they do currently? In the
second case (forged envelope address from non-RMX domain), even
assuming correct WHOIS data, how can the true identity of a spammer be
found through RMX?
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg