ietf-mxcomp
[Top] [All Lists]

RE: TECH-OMISSION: Security vulnerability - Malicious DSN attack s

2004-08-30 16:03:04
Hello Chris,

I still strongly disagree that the vulnerability you are concerned
about is made worse by Sender ID.  As you've explained, Sender ID
does add a new way to get a recipient's MTA to reject a message.
But there are already several ways to make this happen, so I just
don't see this as a fair criticism of Sender ID.

However, in the interest of clarity, I think that in your example,
you need to make it explicit that the participant P does not perform
any Sender ID test before accepting responsibility for relaying the
message from A, nor does it add any RFC 2822 headers that would change
the Purported Responsible Address of the message.

I think you also need to make it clear that P would have to be
configured such that it accepts mail from submitter's IP address where
the MAIL FROM address is V and where the recipient address is in a different
domain (R) that might perform a Sender ID test on inbound SMTP mail.
Normally, only MTAs that are operated by (or trusted by) V for outbound
SMTP mail processing would be configured this way.  Therefore, the attack
is only likely to occur if it can be launched from an IP address that
normally submits mail from V to P.

Daryl Odnert
Tumbleweed Communications
Redwood City, California
<Prev in Thread] Current Thread [Next in Thread>