On 4/3/04 at 9:49 AM -0800, Ned Freed wrote:

There's one other alternative that needs to be on the list: Perform
a check of Resent-from: if it is present and From:. The analysis
isn't materially different from the From:/Sender: checking case.

Agreed. In fact, I think the matter of checking domains that appear
in the message data actually may mean developing some algorithms. For
instance, checking the domain from one of Resent-Sender, Resent-From,
Sender, and From, *in that order*, may be sufficient. Checking
List-ID (which may not have an obvious domain name to check) or other
List-* fields might be interesting. Overall, this says to me that
"message header identities" might need to be considered as a set.

Given these tradeoffs, I would say that protecting the MAIL FROM
(Return-Path) is of the most value. After that, protecting the
From: header is of potentially greater value to a much smaller set
of domains.

Protecting HELO/EHLO is of negligible value, as the HELO/EHLO value
is not used for anything important.

I concur with this conclusion.

Protecting HELO/EHLO is valuable insofar as you establish a "chain of
responsibility". Independent of some sort of reputation/accreditation
database, that's not of much use, but at least it allows you to get
into that game at some point. It's especially valuable if there is no
MAIL FROM.

More and more, I'm thinking that we should say (in answer to the
original question posed about which "identity" we want to consider)
that we should consider *all* of HELO/EHLO, MAIL FROM, and message
header "identities". That is, whatever mechanism we come up with, it
should allow a domain to publish information about any of these
"identities".

(Can you tell that I hate the word "identities" in this context? I'm
always tempted to ask, "The identity of what? The message? The
sending MTA? The person who sent the message?" I'd rather we had
different terminology for this, but it's probably too late for that.)

I don't think we should spend time in this group worrying about
proposals which do not deal with domains contained in the message
stream (e.g., things that use the .arpa domain).

pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
QUALCOMM Incorporated - Direct phone: (858)651-4478, Fax: (858)651-1102
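
The header ordering suggested in the message above (Resent-Sender, Resent-From, Sender, From), as an added example that is not part of the original message: a Python sketch that picks the first of those fields carrying a usable domain. The function name, the fall-through on an unparseable field, and the sample messages are assumptions made for illustration; what a receiver then does with the selected domain is outside the example.

```python
from email import message_from_string
from email.utils import getaddresses

# Order suggested in the message above.
HEADER_ORDER = ("Resent-Sender", "Resent-From", "Sender", "From")


def select_header_domain(raw_message):
    """Return (header_name, domain) for the first field in HEADER_ORDER
    that yields a usable domain, or None if no field does."""
    msg = message_from_string(raw_message)
    for name in HEADER_ORDER:
        # get_all() lists values top-down; Resent-* blocks are prepended on
        # each resend, so the first value belongs to the most recent one.
        values = msg.get_all(name)
        if not values:
            continue
        for _display, addr in getaddresses(values[:1]):
            local, sep, domain = addr.rpartition("@")
            domain = domain.rstrip(".").lower()
            # Assumption: a field that is present but has no usable
            # domain is skipped rather than treated as a hard failure.
            if sep and local and domain and " " not in domain:
                return name, domain
    return None


# Constructed sample messages (not taken from any real mail flow).
RESENT_TWICE = (
    "Resent-From: Carol <carol@second-hop.example>\n"
    "Resent-From: Alice <alice@first-hop.example>\n"
    "Sender: owner@lists.example\n"
    "From: Bob <bob@origin.example>\n\nbody\n"
)
LIST_MAIL = "Sender: owner@lists.example\nFrom: bob@origin.example\n\nbody\n"
BAD_SENDER = "Sender: not-an-address\nFrom: Bob <bob@Origin.Example.>\n\nbody\n"
NO_IDENTITY = "Subject: hello\n\nbody\n"

if __name__ == "__main__":
    for sample in (RESENT_TWICE, LIST_MAIL, BAD_SENDER, NO_IDENTITY):
        print(select_header_domain(sample))
```
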