Re: MASS plus Sender-ID


Of course if the message is spam the chances are that you will recieve a few
tens of thousand copies.

If the message is phishing then the authentication to a web mail provider
doth not improve credibility. Hello, this is paypal sending you an email
thru yahoo...

Enail authentication is an opening, not the endgame.


 -----Original Message-----
From:   Jim Fenton [mailto:fenton(_at_)cisco(_dot_)com]
Sent:   Sun Nov 21 21:00:29 2004
To:     Justin Mason
Cc:     IETF MAILSIG WG
Subject:        Re: MASS plus Sender-ID


Justin Mason wrote:

hmm, you might be on to something there, that does indeed seem to be a
replay attack that can be used to deliver spam.

Indeed there is; see draft-fenton-identified-mail-01.txt section 9.1.4.  
The problem is that there is no way I can think of to differentiate an 
MTA that forwards mail to multiple addresses from a spam replay, other 
than intent and (possibly) the number of addresses that the messages is 
forwarded to.  It's hard to detect even the latter, unless you're a 
large enough domain to get a large number of copies of the same message 
with the same signature.

-Jim

<Prev in Thread]	Current Thread	[Next in Thread>
Re: MASS plus Sender-ID, (continued) Re: MASS plus Sender-ID, Justin Mason Re: MASS plus Sender-ID, wayne Re: MASS plus Sender-ID, Justin Mason Re: MASS plus Sender-ID, Jim Fenton Re: MASS plus Sender-ID, Tony Finch Re: MASS plus Sender-ID, Michael Thomas Re: MASS plus Sender-ID, domainkeys-feedbackbase01 Re: MASS plus Sender-ID, wayne Re: MASS plus Sender-ID, Mark Baugher Re: MASS plus Sender-ID, wayne Re: MASS plus Sender-ID, Hallam-Baker, Phillip <= Re: MASS plus Sender-ID, Michael Thomas

Previous by Date:	Re: MASS plus Sender-ID, wayne
Next by Date:	Re: MASS plus Sender-ID, Tony Finch
Previous by Thread:	Re: MASS plus Sender-ID, wayne
Next by Thread:	Re: MASS plus Sender-ID, Michael Thomas
Indexes:	[Date] [Thread] [Top] [All Lists]