On Jul 6, 2007, at 6:56 PM, Dave Crocker wrote:
Steve Atkins wrote:
so, perhaps, an SSP record by the signing domain that says
MailFrom is valid?
Possibly. What's the problem you're trying to solve?
I really hate it when people ask pragmatic questions like that. I
mean, really Steve, didn't you know that value propositions are
soooo passé?
But I suppose I have to answer it:
I'm about to generate a bounce-category message. If I'm suspicious
enough of the original message, I might decide not to. By way of
trying to squelch bad bounce traffic at its source.
Given the DKIM sig and the "Return" SSP record, I'll generate it
since the return address domain has said it's valid.
It really depends on the threat model.
If you're just trying to avoid random backscatter, then a header that
says "X-Really-From: dick(_at_)earthlink(_dot_)net" in a mail with a return path
address of dick(_at_)earthlink(_dot_)net and a DKIM signature that explicitly
covers the "X-Really-From" header would be adequate.
The only case that won't catch effectively is the case where all the
following are true:
1. The return path is not that of the sender
2. The sender maliciously adds an X-Really-From header that is
identical to the return path
3. The sender is an authorized user of the same domain as the
claimed return path
4. The ISP stamping DKIM is not aware of the X-Really-From header
convention (so isn't removing or replacing it)
5. The ISP stamping DKIM is signing all headers, rather than a
fixed list
Whether that's adequate or not depends on the threat you're trying to
defend against.
John Levine wrote:
> Personally, I'd rather use BATV.
That filters at the destination, not the source.
Unless you use the near-mythical public-key version, but that does
just move around where you want to do the cryptography.
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
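
The backscatter check described in the message above, as an added example that is not code from the thread or from any DKIM implementation. It assumes the receiving MTA has already verified the first DKIM-Signature header cryptographically and passes the result in as the hypothetical `dkim_verified` flag; the function names and the sample message are constructed for illustration.

```python
import email
from email.utils import parseaddr

HDR = "X-Really-From"  # header name proposed in the message above

# Constructed sample message; the bh=/b= values are placeholders, not real signatures.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.net; s=sel;\n"
    " h=from:to:subject:x-really-from; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "X-Really-From: dick@example.net\n"
    "From: dick@example.net\n"
    "To: someone@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

def signed_headers(sig_value):
    """Return the lowercased header names listed in a DKIM-Signature h= tag."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())  # drop folding whitespace
    return [h.lower() for h in tags.get("h", "").split(":") if h]

def bounce_is_safe(raw_message, return_path, dkim_verified):
    """True only if the verified signature covers a single X-Really-From
    header whose address equals the envelope return path."""
    if not dkim_verified:  # assumption: result supplied by the MTA's DKIM verifier
        return False
    msg = email.message_from_string(raw_message)
    values = msg.get_all(HDR, [])
    if len(values) != 1:  # absent, or an extra copy the signature may not cover
        return False
    sigs = msg.get_all("DKIM-Signature", [])
    if not sigs or HDR.lower() not in signed_headers(sigs[0]):
        return False  # header present but not explicitly covered by h=
    claimed = parseaddr(values[0])[1].lower()
    envelope = parseaddr(return_path)[1].lower()
    return claimed != "" and claimed == envelope  # null return path never matches

if __name__ == "__main__":
    print(bounce_is_safe(SAMPLE, "<dick@example.net>", True))
```

This check does not address the residual case listed in the message, where an authorized user of the same domain adds the header and the signer covers it without knowing the convention.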