ietf-asrg

Re: [Asrg] antiphishing idea

2011-11-17 16:04:49
I take it you mean the message-id is somehow converted into a domain name and 
a DNS lookup is performed against that DNS and if the A or TXT record for 
that domain is some kind of affirmative value, this means that this is a 
'valid message-id'?

message-id is already close to that form. It has
something_random_unique_time_process@domain

I've got many doubts about this: do people who fall for such scams care about 
the value of From? Doesn't this have the same issues as SPF -all and ADSP? 
Does this scale? But my most important concern is: wouldn't it be trivial to 
perform a relay attack using this method?


SPF checks against envelope MAIL FROM: ...users don't even know that
this thing exists! They blindly trust the mail header From:
How would a relay attack work? Evils don't know every random message-id
of a mail server's legit mail. Are they going to query "every" random
string? ...now you can query what you want on a DNS server...what is
the difference?


I don't get this. Are you saying that if I send an email with MAIL FROM: 
example.com and Header From: paypal.com and the message-id on example.com 
that I can then get this message-id validated simply because I happen to 
control example.com?

Sorry, I meant both of them! You are obviously going to get the
validation from the evil domain, but you also need one from the phished
domain. The last one is only true if the mail was sent by paypal.com
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
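
The check discussed in this message, as an added example that is not part of the original post or of any published specification: a message passes only if both the envelope MAIL FROM domain and the header From: domain answer affirmatively for its message-id. The `_msgid` label, the hashed query name, and the `lookup` callable (a stand-in for a real DNS query) are assumptions made for illustration.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr

LABEL = "_msgid"  # hypothetical DNS label; the thread does not define one

def domain_of(address):
    """Domain part of an address such as 'Name <user@host>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def query_name(message_id, domain):
    """Assumed mapping: hash the Message-ID so it fits in one DNS label."""
    mid = message_id.strip().strip("<>")
    return f"{hashlib.sha256(mid.encode()).hexdigest()[:32]}.{LABEL}.{domain}"

def validate(raw_message, mail_from, lookup):
    """Require an affirmative answer from BOTH the envelope and From: domains."""
    msg = message_from_string(raw_message)
    mid = msg["Message-ID"]
    if not mid or not msg["From"]:
        return False, {}
    domains = {domain_of(mail_from), domain_of(msg["From"])}
    answers = {d: lookup(query_name(mid, d)) for d in domains}
    return all(answers.values()), answers

# Constructed sample messages (not taken from real mail).
LEGIT = ("From: Service <service@paypal.com>\n"
         "Message-ID: <20111117.abc123@paypal.com>\n\nhello\n")
PHISH = ("From: Service <service@paypal.com>\n"
         "Message-ID: <20111117.zzz999@example.com>\n\nhello\n")

# Constructed stand-in for DNS: the names each domain owner has published.
PUBLISHED = {
    query_name("20111117.abc123@paypal.com", "paypal.com"),    # by paypal.com
    query_name("20111117.zzz999@example.com", "example.com"),  # by example.com
}

def lookup(name):
    """Affirmative only for names present in the simulated zones."""
    return name in PUBLISHED

if __name__ == "__main__":
    print(validate(LEGIT, "bounce@paypal.com", lookup))
    print(validate(PHISH, "bounce@example.com", lookup))
```

Under these assumptions the lookup ties a Message-ID to a domain, not to the content of the message that carries it.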
