
Re: [Asrg] DKIM role?

2008-11-19 17:17:45
What about sending the NDR to postmaster(_at_)example(_dot_)com?

And is the DKIM not related to the domain of the first sending MTA, so that you
can send to postmaster(_at_)MTADomain?

For the report to be useful, you need to send it to someone who cares, or
should care....

----- Original Message ----- 
From: "Rich Kulawiec" <rsk(_at_)gsp(_dot_)org> 
To: "Anti-Spam Research Group - IRTF" <asrg(_at_)irtf(_dot_)org> 
Sent: Thursday, 20 November, 2008 9:56:37 AM (GMT+1200) Auto-Detected 
Subject: Re: [Asrg] DKIM role? 

On Wed, Nov 19, 2008 at 06:55:59PM +0000, Ian Eiloart wrote: 
The latter. There's no point in sending a NDR in response to malware 
or spam (and many reasons not to). Just reject it outright during 
the SMTP conversation, and let the sending system deal with that. 

Agreed, but the OP's point was that such a reply (which may be unrelated 
to the message source or content) can be sent if you're sure the message 
was sent by the owner of the envelope sender - ie with a DKIM pass. 

But (a) that doesn't mean it was really sent by the user and 
(b) it still doesn't serve any useful purpose. 

Let's put aside (b) for the moment and focus on (a). One of the things 
I've noticed about quite a few mail servers over the past several years 
is that while an increasing number of them are moving to require user 
authentication (even when sending from networks local and known to 
the mail server) that (1) many don't and (2) some which do don't force 
the envelope-sender to match the authenticating user. In the case of (1), 
many mail servers still seem to allow submission from local/known networks 
with no authentication...which in turn means that any system on those 
networks can send mail as any user known to the mail server, which in 
turn means that a batch of spam purportedly from mary(_at_)example(_dot_)com
may not have anything to do with mary or mary's system. (Note that malware
resident on any end-user system local to mail.example.com is likely to 
find a sizable list of users to choose from simply by rummaging through 
the contents of disk.) In the case of (2), a system authenticating
as mary(_at_)example(_dot_)com may be able to send traffic as
john(_at_)example(_dot_)com,
depending on its capabilities and configuration. (I'm aware of a number 
of variations on this, including one site that deliberately left this 
open in order to allow mary to send as mary(_at_)example(_dot_)com,
mary(_dot_)smith(_at_)example(_dot_)com, etc., and is counting on their
post-processing of logs to detect any exploitation of it.)


_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
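
Added example, not part of the original thread: a sketch of the log post-processing mentioned above, flagging submissions accepted with no authentication (case 1) and authenticated submissions whose envelope sender is neither the login nor an approved alias (case 2). The Postfix-style log lines, the alias table and all names are constructed assumptions.

```python
import re

# Constructed sample lines in Postfix syslog style (not from the thread).
SAMPLE_LOG = """\
Nov 19 10:00:01 mail postfix/smtpd[411]: A1B2C3: client=pc7.example.com[192.0.2.7], sasl_method=PLAIN, sasl_username=mary@example.com
Nov 19 10:00:01 mail postfix/qmgr[200]: A1B2C3: from=<mary.smith@example.com>, size=812, nrcpt=1 (queue active)
Nov 19 10:00:05 mail postfix/smtpd[411]: B2C3D4: client=pc7.example.com[192.0.2.7], sasl_method=PLAIN, sasl_username=mary@example.com
Nov 19 10:00:05 mail postfix/qmgr[200]: B2C3D4: from=<john@example.com>, size=4096, nrcpt=50 (queue active)
Nov 19 10:00:09 mail postfix/smtpd[412]: C3D4E5: client=pc9.example.com[192.0.2.9]
Nov 19 10:00:09 mail postfix/qmgr[200]: C3D4E5: from=<mary@example.com>, size=4096, nrcpt=50 (queue active)
Nov 19 10:00:12 mail postfix/smtpd[413]: D4E5F6: client=pc3.example.com[192.0.2.3], sasl_method=PLAIN, sasl_username=john@example.com
Nov 19 10:00:12 mail postfix/qmgr[200]: D4E5F6: from=<john@example.com>, size=700, nrcpt=1 (queue active)
"""

# Hypothetical site policy: extra envelope senders each login may use.
ALLOWED_ALIASES = {"mary@example.com": {"mary.smith@example.com"}}

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (\w+): client=([^,\s]+)(?:.*?sasl_username=(\S+))?")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def audit(log_text, aliases=ALLOWED_ALIASES):
    """Return (queue_id, finding, envelope_sender, login_or_client) tuples."""
    sessions = {}   # queue id -> (client, sasl_username or None)
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            sessions[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = FROM_RE.search(line)
        if not m or m.group(1) not in sessions:
            continue    # locally generated mail has no smtpd client line
        qid, sender = m.group(1), m.group(2).lower()
        client, user = sessions[qid]
        if user is None:
            # Case (1): accepted with no authentication; sender is unverified.
            findings.append((qid, "unauthenticated", sender, client))
        elif sender != user.lower() and sender not in aliases.get(user.lower(), ()):
            # Case (2): authenticated as one user, sending as another.
            findings.append((qid, "sender-mismatch", sender, user))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```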