
Re: [Asrg] 1a. Inventory of Problems - Spoofed mail addresses

2004-02-09 23:12:13
On Fri, Feb 06, 2004 at 03:13:02PM -0600, david wrote:

Here's how the pay2send.com Advenge SMTP daemon deals with Brett
Watson's scenario:

Chris knows at least one of Bob's "magic phrases" which he
used to get on Bob's whitelist in the first place.

The Aardvark article sending service allows Chris to write
an introduction to the article (all article sending services
I have used have this facility) and Chris includes the
magic phrase ("transferrable mnemonic capability key" for the security
theorists) in the introduction.

Bob receives the article and the introduction in one e-mail, which
passes the filter since the introduction includes the magic phrase.

  This pre-supposes that Bob uses body filters, i.e. waits till after
the DATA: stage before rejecting any email.  Yes, it is possible and
legal to issue a 5xx reject at the end of the DATA: stage, but then
Bob's MTA (or that of Bob's inbox provider) has to expend the bandwidth of
accepting the body in the first place.

As a special case, consider:

      (1) Chris has registered a RAPNAP preference list,
which for ASRG purposes is a per-sender RMX list

      (2) Aardvark forwarding uses the forwarding requestor's
e-mail address as the source address for the forwarded article
(Amazon.com apparently currently does this with book recommendations)

If 1 and 2 are both true, Chris will receive a challenge concerning
mail from him originating at a new peer...

  I do *NOT* relish the thought of receiving "a challenge concerning a
virus from me originating at a new peer" for every virus email sent out
with my address forged as the sender.

lemma (2) is true, but Chris has registered a public key with the
server infrastructure rather than a Peer Network Address list.
In order to get past the Advenge filtering system,

  Context please.  Is Advenge "Aardvark" or is it "Bob" ??

Chris has to public-key-sign the text he pastes into the introductory
text control in Aardvark's article forwarding form.

  If Advenge => "Aardvark" maybe.  Otherwise, we're back to Bob having
to accept the body.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
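
The trade-off discussed in this message, as an added example that is not part of the original post or of any Advenge code: a toy SMTP receiver showing that a magic phrase in the body can only be checked after DATA, so a rejected message has already cost the receiver its body bytes. The addresses, the phrase and the `receive` and `make_session` helpers are constructed for illustration, and dot-stuffing is not handled.

```python
# Added illustration: where each filter type can reject in the SMTP dialogue,
# and how many body bytes the receiver has taken by the time it decides.
WHITELIST = {"chris@example.org"}            # constructed envelope whitelist
MAGIC_PHRASE = "purple aardvark sunrise"     # constructed magic phrase

def receive(session, policy):
    """Run a client session (list of lines) through a toy receiver.

    policy "envelope" decides at MAIL FROM; policy "body" decides after DATA.
    Returns (final_reply_code, body_bytes_accepted).
    """
    sender, in_data, body, body_bytes = None, False, [], 0
    for line in session:
        if in_data:
            if line == ".":                  # end-of-data marker
                text = "\n".join(body)
                if (policy == "body" and sender not in WHITELIST
                        and MAGIC_PHRASE not in text):
                    return 550, body_bytes   # legal 5xx, but body already sent
                return 250, body_bytes
            body.append(line)
            body_bytes += len(line) + 2      # line plus CRLF on the wire
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            sender = line[10:].strip().strip("<>").lower()
            if policy == "envelope" and sender not in WHITELIST:
                return 550, body_bytes       # rejected before any body bytes
        elif verb == "DATA":
            in_data = True                   # a real server replies 354 here
    return 250, body_bytes

def make_session(sender, body_lines):
    return ["HELO relay.example", f"MAIL FROM:<{sender}>",
            "RCPT TO:<bob@example.net>", "DATA", *body_lines, "."]

# Constructed samples: a forwarded article carrying the phrase in its
# introduction, and bulk mail with a forged sender and no phrase.
FORWARD = make_session("articles@aardvark.example",
                       ["Bob, " + MAGIC_PHRASE + ": read this.", "Article text ..."])
SPAM = make_session("forged@example.com", ["Buy now"] * 100)

if __name__ == "__main__":
    for name, s in (("forward", FORWARD), ("spam", SPAM)):
        for policy in ("envelope", "body"):
            print(name, policy, receive(s, policy))
```
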