ietf-mxcomp
[Top] [All Lists]

RE: alternate submitter syntax

2004-07-28 19:07:53
Yes,

 

However Meng seems to be saying that SUBMITTER does not need to match
the header in RFC.2822 that is presented to the end users MUA as the
FROM address. He is quite adamant that the SUBMITTER address need not be
the address that the end user is presented with. 

 

And there is no direct SPF checking of RFC.2822 headers.

 

So how does this stop phishing. 

 

Regards,

Terje.

 

 

 

  _____  

From: Daryl Odnert [mailto:daryl(_dot_)odnert(_at_)tumbleweed(_dot_)com] 
Sent: Thursday, 29 July 2004 3:24 AM
To: Terje Petersen; IETF MARID WG
Subject: RE: alternate submitter syntax

 

SCENERIO-B:   SUBMITTER parameter IS supported on MTA. 

      MAIL FROM     =   BOUNCE ADDRESS  (NOT SPF TESTED) 
      SUBMITTER     =   OTHER ADDRESS   (SPF TESTED) 
    RFC.2822.FROM =   REPLY ADDRESS   (NOT SPF TESTED) 


And in this second scenario I think you are saying that the addresses 
can all be different. Which does not seem to solve the phishing
problem. 
So what am I missing here? 

I think what you're missing is this, from
draft-ietf-marid-submitter-02.txt: 

   If the receiving SMTP server allows the connecting SMTP client to 
   transmit message data, then the server SHOULD determine the purported

   responsible address of the message by examining the RFC 2822 message 
   headers as described in [SENDER-ID].  If this purported responsible 
   address does not match the address appearing in the SUBMITTER 
   parameter, the receiving SMTP server SHOULD reject the message and 
   when rejecting MUST use "550 5.7.1 Submitter does not match header." 

Daryl Odnert 
Tumbleweed Communications 
Redwood City, California 

<Prev in Thread] Current Thread [Next in Thread>