ietf-mxcomp

Re: SPF abused by spammers

2004-09-17 09:56:46

Tony Finch <dot(_at_)dotat(_dot_)at> wrote:
> On Thu, 16 Sep 2004, Alan DeKok wrote:
>
> >   I'm not sure how any "MAIL FROM" checking can prevent spoofing on a
> > shared MTA.
>
> For a rough outline, see
> http://www.cus.cam.ac.uk/~fanf2/hermes/doc/antiforgery/cam.txt

  Quoting that sentence out of context, I can understand your
response.

  Your system describes a method for a shared MTA to guarantee that
any message it forwards is truly from the claimed originator.  That's
nice, but not useful to anyone else in the network.

  My repeated, and explicit, comments in this thread have described
the problems faced by the recipient who is sent the message from the
shared MTA.  That recipient has no way to verify that the message is
not spoofed by another domain using the shared MTA.

  Any method which permits the recipient to verify the "MAIL FROM"
must involve the originator.  The shared MTA can claim that it is
forwarding the message, but because it is not the originator, it
cannot authenticate the message as truly coming from the originator.

  The shared MTA can use special/local information in order to
authenticate to its own satisfaction the "true" origin of the
message.  That information is not available to others in the network,
so they cannot perform the same authentication to satisfy themselves
as to the true origin of the message.  And they cannot take the word
of the shared MTA, as it may be compromised.

  Alan DeKok.
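
The recipient-side limitation argued in the message above, as an added example that is not part of the original post: a simplified subset of SPF evaluation (ip4, include, all) over constructed records, showing that the recipient sees the same inputs and the same result whichever tenant of the shared MTA submitted the message. The domain names, addresses and the `recipient_view` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed SPF records (documentation names/addresses, not from the thread).
# Both tenants authorize the same shared MTA range.
SPF_RECORDS = {
    "tenant-a.example": "v=spf1 include:_spf.shared-mta.example -all",
    "tenant-b.example": "v=spf1 include:_spf.shared-mta.example -all",
    "_spf.shared-mta.example": "v=spf1 ip4:192.0.2.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(client_ip, domain, depth=0):
    """Evaluate a small subset of SPF (ip4, include, all) for client_ip."""
    record = SPF_RECORDS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            matched = check_host(client_ip, term[8:], depth + 1) == "pass"
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def recipient_view(submitting_tenant, mail_from, relay_ip="192.0.2.25"):
    """What the recipient can evaluate: only the relay IP and MAIL FROM.
    submitting_tenant is known to the shared MTA alone and never reaches
    the recipient, so it cannot influence the result."""
    domain = mail_from.rsplit("@", 1)[1]
    return (relay_ip, mail_from, check_host(relay_ip, domain))
```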