On Sun, 28 Nov 2004, Alan DeKok wrote:
changes which are limited to participating sites are a lot easier than
changes which must be implemented ubiquitously in order for the system
to work correctly.
As a toy proposal, a simple solution to the .forward problem is to
replace the .forward files with a script, which adds a header like:
X-RFC2821-Original-Bounce-Path: <rcpt-to mailbox>:<mail-from mailbox>
Although longer, the header below provides a better and more complete view
(for debugging) on what happened and who did the forwarding:
Redirected: by <.forward host system name>
    on-behalf-of <user at .forward host system>
    process-type forwarding
    original-envelope return-path=<mail-from mailbox before forwarding>
        recipient=<rcpt-to mailbox before forwarding>
    new-envelope return-path=<mail-from mailbox after forwarding>
        recipient=<rcpt-to mailbox after forwarding>; time-stamp
See
http://www.ietf.org/internet-drafts/draft-leibzon-emailredirection-traceheaders-00.txt
Note that it was published with bad newlines; for correct text see
http://www.elan.net/~william/emailsecurity/draft-leibzon-emailredirection-traceheaders-00.txt
and for printable format see
http://www.elan.net/~william/emailsecurity/draft-leibzon-emailredirection-traceheaders-00.pdf
As for Original-* headers, the standardization of their use is TBD in
one of my next drafts. For what you wanted, I'll recommend using
"Original-Envelope-From" (this is actually already being used) for
return-path and "Original-Envelope-Recipient" for RCPT TO. But obviously
for reporting original values before forwarding/redirection I'd prefer
people start using Redirected trace headers.
Add some authentication so the field can't be spoofed
Email signature can be added above in a way similar to what DK proposed,
stay tuned to mailsig mail list tomorrow.
The only reason that people were using .forward files is that it was
easy, it worked, it didn't cause problems for other people until
recently, and there is always resistance to change.
It still does not cause problems for other people!
What SPF is now doing is saying that .forward need to do more than just
simply relaying message with new addresses and need to identify who they
are and what they did. This is good for better email security although
people who want to remain anonymous might not like this trend (as usual).
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
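
The Redirected trace field laid out in the message above, as an added Python example that is not part of the original post and is not taken from the draft. The function names, the tab folding, the angle brackets around envelope paths and the example.* addresses are assumptions; the field order follows the template in the message, not the draft's formal grammar.

```python
import re
from email.utils import formatdate

def _clean(value):
    # Envelope values come from SMTP input: refuse CR/LF and angle brackets
    # so a crafted MAIL FROM cannot inject header lines or break the field.
    if re.search(r"[\r\n<>]", value):
        raise ValueError("illegal character in trace field value")
    return value.strip()

def build_redirected(host, user, orig_from, orig_rcpt, new_from, new_rcpt, when=None):
    """Return one folded Redirected: field; '' stands for the null return-path."""
    host, user, orig_from, orig_rcpt, new_from, new_rcpt = map(
        _clean, (host, user, orig_from, orig_rcpt, new_from, new_rcpt))
    return (
        f"Redirected: by {host}\r\n"
        f"\ton-behalf-of {user}\r\n"
        "\tprocess-type forwarding\r\n"
        f"\toriginal-envelope return-path=<{orig_from}>\r\n"
        f"\t recipient=<{orig_rcpt}>\r\n"
        f"\tnew-envelope return-path=<{new_from}>\r\n"
        f"\t recipient=<{new_rcpt}>; {formatdate(when, localtime=False)}\r\n"
    )

def prepend_trace(raw_message, field):
    # Trace fields go on top, like Received:, so their order reflects the path.
    return field + raw_message

_ENVELOPE = re.compile(
    r"(original|new)-envelope\s+return-path=<([^>]*)>\s+recipient=<([^>]*)>")

def parse_redirected(raw_message):
    """Return one dict per Redirected: field, topmost (latest hop) first."""
    headers = raw_message.split("\r\n\r\n", 1)[0]
    unfolded = re.sub(r"\r\n[ \t]+", " ", headers)  # undo header folding
    return [
        {m.group(1): (m.group(2), m.group(3)) for m in _ENVELOPE.finditer(line)}
        for line in unfolded.split("\r\n")
        if line.lower().startswith("redirected:")
    ]

# Constructed sample message, not taken from the thread.
SAMPLE = "From: alice@example.org\r\nSubject: test\r\n\r\nbody\r\n"

if __name__ == "__main__":
    field = build_redirected("mx.example.net", "bob@example.net",
                             "alice@example.org", "bob@example.net",
                             "alice@example.org", "bob@example.com")
    print(prepend_trace(SAMPLE, field))
```

The field carries no authentication, so a receiver can only rely on it from a forwarder it already trusts or once it is covered by a signature, as the thread notes.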