ietf-mxcomp

Re: consensus call on pra/mailfrom deployment and versioning/scope

2004-09-08 12:21:19

Douglas Otis wrote:

On Wed, 2004-09-08 at 11:19, Yakov Shafranovich wrote:

Jim Fenton wrote:

At 11:45 AM 9/8/2004 -0400, Meng Weng Wong wrote:


Step 2: HELO bob.mta
        MAIL FROM:<alice> SUBMITTER=<bob>
        RCPT TO:<robert>
        DATA
        Resent-From: <bob>

At step 2, the receiver can apply spf/HELO tests (or SPF Lite or
CSV or even IP based whitelisting) to bob.mta, and approve the
forwarder based on that.

The receiver can also apply spf/SUBMITTER tests to <bob>, and
approve the forwarder based on that.

Wouldn't this require a PRA check to verify that SUBMITTER is
consistent with the message headers, and wouldn't that be encumbered?

No, SUBMITTER would be compared against the Sender-ID records directly without touching the headers.


This means there would be no record which identity was used to permit
the message.  What an ideal way to spoof.


Let me rephrase that: SUBMITTER would be compared against the Sender-ID records directly without *examining* the headers.

You can still record the result of that and the parameter in some header.

Yakov
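
The exchange above, as an added example that is not part of the original message or of any Sender-ID implementation: a receiver-side check that evaluates SUBMITTER using only the envelope and the connecting IP, then writes the identity it evaluated into a trace header. The `POLICY` table is a constructed stand-in for published Sender-ID records, and the `X-Submitter-Check` header name and all addresses are hypothetical.

```python
import ipaddress
import re

# Constructed stand-in for published Sender-ID records: domain -> permitted networks.
# A real receiver would fetch and evaluate the domain's DNS record instead.
POLICY = {
    "forwarder.example": ["192.0.2.0/28"],
    "origin.example": ["198.51.100.0/24"],
}

# Accepts both SUBMITTER=addr and the SUBMITTER=<addr> form used in the thread.
SUBMITTER_RE = re.compile(r"\bSUBMITTER=<?([^\s<>]+)>?", re.IGNORECASE)


def parse_submitter(mail_from_line):
    """Return the SUBMITTER address from a MAIL FROM command line, or None."""
    m = SUBMITTER_RE.search(mail_from_line)
    return m.group(1) if m else None


def check_submitter(client_ip, mail_from_line):
    """Evaluate SUBMITTER against the policy table without reading any headers."""
    submitter = parse_submitter(mail_from_line)
    if submitter is None or "@" not in submitter:
        return {"identity": None, "result": "none", "client_ip": client_ip}
    domain = submitter.rsplit("@", 1)[1].lower()
    nets = POLICY.get(domain)
    if nets is None:
        result = "none"  # domain publishes nothing in this constructed table
    else:
        ip = ipaddress.ip_address(client_ip)
        allowed = any(ip in ipaddress.ip_network(n) for n in nets)
        result = "pass" if allowed else "fail"
    return {"identity": submitter, "result": result, "client_ip": client_ip}


def trace_header(check):
    """Render the check as a header line so the identity used is on record.

    X-Submitter-Check is a hypothetical header name chosen for this example.
    """
    return ("X-Submitter-Check: {result} identity=SUBMITTER "
            "value={identity} client-ip={client_ip}").format(**check)
```

Because the check never looks at the message headers, it cannot tell whether Resent-From or Sender agrees with the SUBMITTER value; the trace header only records which envelope identity was evaluated and with what result.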

