ietf-smtp

RE: Anti-Spoofing Technology

2005-04-16 22:39:46

I had not yet looked at RFC 2822, but I have now pulled a copy and I am
taking a look at it.

What I am really thinking about is the mailbox designated by the "From:"
header.

I know that when a message is being transmitted between servers, it is
really far too late to make any determination as to the validity of the
"From:" header.

However, it seems to me that when a message first enters the mail system
(i.e., an ISP SMTP server receives a message from a client of that ISP),
validation of the return address could be required.  Specifically, the
"From" mailbox specified in the message header could, pursuant to an SMTP
extension, be validated against a list of mailboxes allocated by the ISP to
the client with whom the SMTP server is in session.

There may already be something in the RFCs that I have yet to find.

I am just beginning my research into this.

John P Baker
Software Engineer

-----Original Message-----
From: owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org 
[mailto:owner-ietf-smtp(_at_)mail(_dot_)imc(_dot_)org] On
Behalf Of Hector Santos
Sent: Saturday, April 16, 2005 23:58
To: Dave Crocker; John P Baker; IETF-SMTP
Subject: Re: Anti-Spoofing Technology



----- Original Message -----
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
To: "John P Baker" <jbaker314(_at_)earthlink(_dot_)net>; "IETF-SMTP"
<ietf-smtp(_at_)imc(_dot_)org>
Sent: Saturday, April 16, 2005 11:03 PM
Subject: Re: Anti-Spoofing Technology


 Is there any extension to the SMTP protocol which, for a client connection
 to an SMTP server, would require that all messages originating from that
 client specify a return address known by the server to be associated with
 that client?

Why is the rfc2821.mailfrom address of particular address, rather than any
of the other identification information, such as rfc2821.helo, rfc2822.from
or rfc2822.sender?

I think he asked about SMTP and return address, not POST SMTP or 2822.  The
client domain machine is too far gone to be usable for anything today. So
CSV is out of the picture altogether.

The return path is the closest thing we have today to anything that can be
considered to be technically required to be "correct."  This is written
into the documents.

+80% of the time it is not and since most systems do not check, hence the
spoof problem.  From an SMTP standpoint, the return path will have a great
technical value at the SMTP process to make sure, at a minimum, that it is
"verifiable."

Everything else (2822) is gravy.

I really hope this doesn't go into a useless debate about what is right or
wrong or SPF vs. CSV or some other machine.   He asked about SMTP and the
return address and today, there are some practical "anti-spoofing" SMTP
based protocols in place today that do attempt to address the return path
validity.  They exist in practice because they do offer some level of
protection.

----
Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
http://www.winserver.com/wcsap (Wildcat! Sender Authentication Protocol)
http://www.winserver.com/spamstats  (WcSAP Anti-Spam Stats)
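
The submission-time check discussed in this thread (the "From:" mailbox and the return path validated against the mailboxes allocated to the connected client), sketched as an added example that is not part of the original messages or of any product named in them. It assumes the client has already authenticated to the ISP's server; `ALLOCATED`, `normalize` and `check_submission` are hypothetical names and the sample addresses are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample data: mailboxes the ISP has allocated to each
# authenticated submission account (hypothetical account name).
ALLOCATED = {
    "client42": {"alice@example.net", "sales@example.net"},
}

def normalize(addr):
    """Lower-case the domain only; return None if addr is not local@domain."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return f"{local}@{domain.lower()}"

def check_submission(account, mail_from, raw_message):
    """Return (accepted, reason) for one message submitted by `account`."""
    # An unknown account has no allocated mailboxes, so everything fails.
    allowed = {normalize(a) for a in ALLOCATED.get(account, ())}

    # Envelope return path (MAIL FROM). The null path "<>" normalizes to
    # None and is rejected: bounces do not originate from a client session.
    if normalize(mail_from.strip("<>")) not in allowed:
        return False, "return path not allocated to this client"

    # Header check: exactly one From: field, and every mailbox listed in it
    # (the field may carry several authors) must belong to the client.
    from_fields = message_from_string(raw_message).get_all("From", [])
    if len(from_fields) != 1:
        return False, "exactly one From: header required"
    authors = [normalize(a) for _name, a in getaddresses(from_fields)]
    if not authors or any(a not in allowed for a in authors):
        return False, "From: mailbox not allocated to this client"
    return True, "ok"
```

The check only ties both addresses to the submitting account at the first hop; as the thread notes, a relay further along the path has no such list to compare against.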




