ietf-mailsig

Re: at last: draft-levine-mass-batv-00

2004-09-07 08:33:09

BATV is not a message data verification system. It simply allows you to
link a bounce to an original message sent by you. ...

If I as a spammer simply need to capture a *single* BATV
verification header for, oh say, aol.com and attach whatever
spam content I desire and bounce it through some dupe relay,
that is a *significant* problem.

I think you're reading way too much into BATV.  It's just a way to deal
with forgery blowback, basically to make it so that people can only send
you a bounce if they have a message from you to respond to.

My prototype only checks the signature on mail with null envelopes or mail
from addresses that start mailer-daemon@.  If the signature fails, it
rejects the message.  If the signature is OK, my MTA strips off the
signature and treats it the same as any other mail.  This works very well,
since I can reject most of the virus and spam blowback at SMTP time
without reading the message.

The hooks for public keys are there so that friendly remote systems can
check the signature remotely and not send bogus bounces in the first
place.  It's not intended as strong validation for incoming mail.

The reason I put in a timestamp is so that viruses that scrape web pages
and come across old mail messages with signed addresses in the
return-path: don't find addresses that will validate.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
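
The bounce check described in the message above, as an added Python sketch that is not code from the original post, the prototype, or the BATV draft. The `sig=<expiry-day>=<mac>=local@domain` layout, the HMAC-SHA256 construction, the key and the 7-day lifetime are all assumptions made for illustration; the tag binds only the address and an expiry, not message content.

```python
import hashlib, hmac, time

KEY = b"constructed-demo-key"  # assumption: secret known only to the sending domain
LIFETIME_DAYS = 7              # assumption: how long a signed address stays valid
DAY = 86400

def _mac(local, domain, expiry_day):
    msg = f"{expiry_day}:{local}@{domain}".lower().encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:12]

def sign(address, now=None):
    """Signed envelope sender for outgoing mail (constructed tag layout)."""
    now = time.time() if now is None else now
    local, domain = address.rsplit("@", 1)
    expiry = int(now // DAY) + LIFETIME_DAYS
    return f"sig={expiry}={_mac(local, domain, expiry)}={local}@{domain}"

def verify(rcpt, now=None):
    """Return the plain address if rcpt has a valid, unexpired tag, else None."""
    now = time.time() if now is None else now
    local_part, _, domain = rcpt.rpartition("@")
    parts = local_part.split("=", 3)
    if len(parts) != 4 or parts[0] != "sig":
        return None
    expiry, mac, local = parts[1], parts[2], parts[3]
    if not (expiry.isascii() and expiry.isdigit()) or int(now // DAY) > int(expiry):
        return None  # malformed, or an old scraped address that has expired
    expected = _mac(local, domain, int(expiry))
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return f"{local}@{domain}"

def is_bounce(mail_from):
    """Null envelope sender, or a sender starting with mailer-daemon@."""
    return mail_from in ("", "<>") or mail_from.lower().startswith("mailer-daemon@")

def rcpt_decision(mail_from, rcpt, now=None):
    """(accept, delivery_address) at RCPT time, before any message data is read."""
    if not is_bounce(mail_from):
        return True, rcpt            # ordinary mail is not checked
    original = verify(rcpt, now)     # bounces must name an address we signed
    return original is not None, original
```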

