ietf-asrg

Re: [Asrg] 3b. SMTP Session Verification - explicit source routes]

2004-01-18 07:41:22
Daniel Feenberg wrote:



On Sun, 18 Jan 2004, Jon Kyme wrote:

Jon Kyme wrote:
But of course, these source routes MUST NOT be truly *explicit* - or a new
channel for abuse is opened up - the "bounce path".


I found an example about these source routes in RFC2821, Page 75:



Is this so significant that it has to be addressed? After all, is it so
terrible that, if joe(_at_)example1(_dot_)com wants his mail forwarded to
joe(_at_)example2(_dot_)com, he wants example2.com to have some anti-spam
mechanism in place? Furthermore, if example2.com wants to base its decision on
the original connection address, it has a very easy decision to make,
since the message should have come from example1.com, any other would be
invalid. Or am I misunderstanding the problem? Can someone make the new
spam path explicit?

I think the problem is that this requires example1.com to have that
anti-spam mechanism in place also.

Consider:

alice(_at_)sender(_dot_)example addresses mail to bob(_at_)recipient(_dot_)example

recipient.example MX points to intermediate.example

bob and all his colleagues wish to use some SPF based system.
So they deploy it on recipient.example.

To make things work simply (including bounces) the nice people at
intermediate.example arrange to do sender rewriting so that alice's mail
comes to bob with a sender address (envelope) of
alice**sender(_dot_)example(_at_)intermediate(_dot_)example(_dot_)
All is well.

Now, if alice sends mail to no-such-person(_at_)recipient(_dot_)example
the sender is rewritten as above, recipient system can form a DSN and send
it to alice**sender(_dot_)example(_at_)intermediate(_dot_)example, intermediate
can decode this "address" and determine that the DSN needs to go to
alice(_at_)sender(_dot_)example

All is well.

Now, sadly, I come along and send my viagra-adv to
alice**sender(_dot_)example(_at_)intermediate(_dot_)example,
carol**sender(_dot_)example(_at_)intermediate(_dot_)example,
...

In this *simple* *dumb* example intermediate is an open relay.

Or am I missing something?

As far as I can tell, it seems that one has to either (a) secure
the sender-rewriting/decoding or (b) to require that intermediate has some
highly effective antispam protection in place or (c) throw away bounces.
I'd guess (a) is going to be better.
--

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
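
Option (a) from the message above, sketched as an added example that is not part of the original post: the unsigned `**` rewriting next to a variant where intermediate.example appends a keyed MAC and refuses to decode addresses it did not mint. The key, the 12-character tag length and all function names are assumptions made for illustration; the addresses are constructed from the post's example domains.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: known only to intermediate.example
FORWARDER = "intermediate.example"
SEP = "**"                        # separator used in the post's example


def _tag(local: str, domain: str) -> str:
    """Short keyed MAC binding the original sender to this forwarder."""
    msg = f"{local}@{domain}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def rewrite_naive(sender: str) -> str:
    local, domain = sender.rsplit("@", 1)
    return f"{local}{SEP}{domain}@{FORWARDER}"


def decode_naive(rcpt: str):
    """Decodes anything of the right shape: the open relay from the post."""
    local_part, host = rcpt.rsplit("@", 1)
    if host.lower() != FORWARDER or SEP not in local_part:
        return None
    local, domain = local_part.rsplit(SEP, 1)
    return f"{local}@{domain}"


def rewrite_signed(sender: str) -> str:
    local, domain = sender.rsplit("@", 1)
    return f"{local}{SEP}{domain}{SEP}{_tag(local, domain)}@{FORWARDER}"


def decode_signed(rcpt: str):
    """Return the original sender only if the tag verifies, else None (reject)."""
    local_part, host = rcpt.rsplit("@", 1)
    parts = local_part.rsplit(SEP, 2)
    if host.lower() != FORWARDER or len(parts) != 3:
        return None
    local, domain, tag = parts
    # Compare as bytes in constant time; a guessed or missing tag is refused.
    if not hmac.compare_digest(tag.lower().encode(), _tag(local, domain).encode()):
        return None
    return f"{local}@{domain}"
```

A tag with no expiry can still be replayed by anyone who has seen a validly rewritten address, so a deployment would also put a coarse timestamp into the MAC input and reject old tags.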