ietf-asrg
[Top] [All Lists]

Re: [Asrg] Re: Reverse DNS

2003-06-19 13:58:35


Yakov Shafranovich wrote:

At 11:50 AM 6/19/2003 -0600, Selby Hatch wrote:

There are other ways to authenticate an email with a server. I have
suggested one such method. It requires no DNS and could be used for
static and dynamic IP addresses. If you have the IP address of the
originating email, it is possible to trace that back to some entity even
if it's dialup. The method is found at:

https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg05393.html

and goes as follows:

Sender authentication should be applied. A header called Sender-Auth or
Sender-Verification will be inserted into the message by the sending
server. It would consist of a delimited string containing the IP
address, server identification, and a timestamp. The string would be
preceded by the result of a function that was applied to that string as
it was sent by the originating server. A delimiter would separate the
function result from the string. The function would be implemented by
the server administrator and would be unique for that server or set of
servers.

A protocol would be employed such that a receiving server could request
that the originating server verify that the Sender-Auth header is
consistent. The originating server would be required to apply it's
function to the string as sent by the requesting server and then return
the result. The receiving server would compare the returned function
result with the result in the Sender-Auth header and if they match, the
sending server is authentic.


This basically would be Challenge/Response for mail servers, instead of C/R for email addresses.


True. And doesn't most spam originate from servers that they are trying to keep unidentified?


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>