ietf-mxcomp

Re: Trust, and who knows what (was Re: SPF abused by spammers )

2004-09-19 13:31:03


On Sun, 19 Sep 2004 12:39:35 -0700, Mark C. Langston wrote:
> it says
> nothing about the policies of the entity connecting to the MTA doing the
> SPF check.

Let's see:

    -  The MailFrom contains a domain name.
    -  Under that domain name, the client MTA is registered.
    -  The client MTA does not have to give the domain name administrator
       "permission"
    -  The client MTA *does* decide to carry the message containing that
       MailFrom

So there really *is* a policy relationship between the creator of the MailFrom
and the operator of the MTA.  (An open relay is merely an MTA with a
promiscuous policy.)

 
> There's no way to know whether the original sender was, in
> fact, a legitimate claimant to that MAIL FROM:.  The connecting MTA
> could be an open relay, allowing anyone to claim that MAIL FROM: and
> pass it through that MTA to the destination.
> If the SPF record checks
> out, the best you can say is that the connecting MTA is legitimately
> associated with that domain name.

Oh.  You are saying that there is a formal relationship between the MailFrom 
domain and the client MTA, but no enforcement of any relationship between the 
MailFrom and the RFC2822.From or RFC2821.Sender?  And, in fact, From or Sender 
can specify any MailFrom they want?  Good point.

However, the MailFrom domain presumably registers client MTA addresses that it 
trusts.  If the MailFrom domain administrator is registering addresses for open 
relays, that's their problem.

In other words, the presumption is that the MailFrom domain very much is making 
an explicit decision about the acceptability of that client MTA.

So, when the original sender chooses to go through a particular MTA, using a 
particular MailFrom, the presumption is that the administrator of that MailFrom 
trusts the posting policies of the client MTA.  Presumably this means that the 
client MTA has appropriate controls on who can post.  This would mean that the 
kind of possible MailFrom abuse you are suggesting would not be permitted by 
that Client MTA.

So, this still sounds to me like "the sender is authorized to use that MAIL 
FROM:", albeit through a pretty obscure set of relationships.

d/
--
Brandenburg InternetWorking
dcrocker(_at_)brandenburg(_dot_)com
+1.408.246.8253
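
Added example, not part of the original message or written by either correspondent: a minimal receiver-side check showing what an SPF "pass" covers in this exchange. It ties the connecting client MTA's address to the MailFrom domain's published record and never consults the RFC2822 From header, which is compared separately. The domains, addresses, records and sample message are constructed, and only the ip4 and all mechanisms are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed SPF TXT data, standing in for DNS lookups (documentation ranges).
SPF_RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "example.net": "v=spf1 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed message whose header From differs from the envelope MailFrom.
SAMPLE = "From: Alice <alice@example.com>\nSubject: hello\n\nbody\n"


def domain_of(address):
    """Return the lower-cased domain part of an address."""
    return address.rpartition("@")[2].lower()


def check_spf(client_ip, mail_from):
    """Evaluate the MailFrom domain's record against the connecting IP."""
    record = SPF_RECORDS.get(domain_of(mail_from))
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def assess(client_ip, mail_from, raw_message):
    """Report the SPF result and, separately, header/envelope agreement."""
    header_from = parseaddr(message_from_string(raw_message).get("From", ""))[1]
    return {
        "spf": check_spf(client_ip, mail_from),
        "header_from_matches_mailfrom": domain_of(header_from) == domain_of(mail_from),
    }


if __name__ == "__main__":
    print(assess("192.0.2.10", "bounce@example.org", SAMPLE))
```

The sample passes SPF because the client MTA is registered under the MailFrom domain, while the header From names a different domain that the check never examined.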