> Domains should have to publish in their DNSs the message-id (among any
> other thing) through a TXT or A record of any legit mail sent by them.
> The TTLs of those records can be adjusted to compensate for queued
> mails, etc.
I take it you mean the message-id is somehow converted into a domain name and a
DNS lookup is performed against that DNS and if the A or TXT record for that
domain is some kind of affirmative value, this means that this is a 'valid
message-id'?
I've got many doubts about this: do people who fall for such scams care about
the value of From? Doesn't this have the same issues as SPF -all and ADSP? Does
this scale? But my most important concern is: wouldn't it be trivial to perform
a relay attack using this method?
> When you receive a mail from A and "apparently" from B you can query A
> and B DNSs looking for the message-id the mail has. If you have an
> NXDOMAIN or whatever error from them you can score the mail as
> phishing! On the other hand, if you have a hit from at least one of
> them you can be confident that this is the real domain that sends that
> mail or it sends it on behalf of the real address!
I don't get this. Are you saying that if I send an email with MAIL FROM:
example.com and Header From: paypal.com and the message-id on example.com that
I can then get this message-id validated simply because I happen to control
example.com?
Martijn.
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
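A small simulation of the scheme and of the relay concern raised in the reply above, as an added example that is not part of the original thread. The "DNS" is an in-memory dictionary, the domain names and message-ids are constructed, and the way a message-id is turned into a DNS name (hashing it into a label under a fixed subdomain) is an assumption, since the proposal does not specify one. The stricter variant, in which only the Header From domain may vouch, is likewise an assumption added for contrast, not something either participant proposed.

```python
"""Toy model of the "message-id published in DNS" check discussed in the thread.

Constructed example: FAKE_DNS stands in for real DNS, and all domains and
message-ids below are made up. The mapping from message-id to record name
is an assumption; the thread leaves it unspecified.
"""
import hashlib

# Constructed stand-in for DNS: record name -> TXT value.
FAKE_DNS: dict[str, str] = {}


def record_name(message_id: str, domain: str) -> str:
    """Assumed mapping: hash the message-id into a DNS-safe label under
    a fixed subdomain of the publishing domain."""
    digest = hashlib.sha256(message_id.encode("utf-8")).hexdigest()[:32]
    return f"{digest}._msgid.{domain}"


def publish(message_id: str, domain: str) -> None:
    """What a sending domain would do for every legitimate mail it sends."""
    FAKE_DNS[record_name(message_id, domain)] = "v=msgid1; ok"


def lookup(message_id: str, domain: str) -> bool:
    """True if the domain has published a record for this message-id
    (a miss models NXDOMAIN / lookup error)."""
    return record_name(message_id, domain) in FAKE_DNS


def check_as_proposed(message_id: str, mail_from_domain: str,
                      header_from_domain: str) -> bool:
    """The rule quoted in the thread: a hit from at least one of the
    two domains (MAIL FROM or Header From) means the mail is accepted."""
    return lookup(message_id, mail_from_domain) or lookup(message_id, header_from_domain)


def check_header_from_only(message_id: str, mail_from_domain: str,
                           header_from_domain: str) -> bool:
    """Assumed stricter variant (not from the thread): only the domain the
    recipient actually sees in Header From is allowed to vouch."""
    return lookup(message_id, header_from_domain)


def demo() -> dict[str, bool]:
    """Run both checks over a legitimate mail and over the relay scenario
    described in the reply (MAIL FROM one domain, Header From another)."""
    # Legitimate mail: the Header From domain itself publishes the id.
    legit_id = "<20240101.1234@bank.example>"
    publish(legit_id, "bank.example")

    # Relay scenario: the sender controls relay.example, publishes the id
    # there, but the Header From still claims bank.example.
    relayed_id = "<20240101.9999@relay.example>"
    publish(relayed_id, "relay.example")

    return {
        "legit_proposed": check_as_proposed(legit_id, "bank.example", "bank.example"),
        "relayed_proposed": check_as_proposed(relayed_id, "relay.example", "bank.example"),
        "relayed_strict": check_header_from_only(relayed_id, "relay.example", "bank.example"),
        "unknown_id": check_as_proposed("<nope@bank.example>", "bank.example", "bank.example"),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'accepted' if verdict else 'rejected'}")
```

Running `demo()` shows the point of the reply: under the "at least one hit" rule the relayed mail is accepted because the MAIL FROM domain vouches for an id it chose itself, while the legitimate mail and the relayed mail are only told apart once the decision is tied to the Header From domain alone. The stricter variant does nothing about the other objections in the thread (scale, per-message DNS publishing, and the SPF -all / ADSP-style deployment problems), which is why the reply lists them separately.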