ietf-smtp

Re: "Header Reordering", yet again

2005-05-28 14:49:00
On Sat, 28 May 2005 13:05:20 PDT, David MacQuigg said:

I would establish three levels of compliance for servers wanting to be 
listed as Public Mail Servers:

1) Servers that will declare their ID, and provide a DNS record to 
authorize the use of that ID.

2) Servers that will capture the IP address and any ID declared by the 
previous sender, and prepend that information in a standard authentication 
header.

3) Servers that will perform an authentication check on the declared ID, 
using any widely-accepted method, and prepend the result of that check.

4) Servers that will prepend text that makes it appear that they have performed
one or more of the previous tests, with a claimed result.

Moral: Never trust a check not performed by yourself unless you are able to
validate the results yourself.  There are two interesting cases here:

A) Spammers/miscreants who append a bogus "Check XYZ Passed" to get it through
your filters.

B) Spammers/miscreants who intentionally append a bogus "Check XYZ Failed" while
claiming some origin point, with the intention of poisoning any collaborative
reputation schemes and making people not trust them....

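The moral above, worked through as an added example that is not part of the
original thread. It assumes the "standard authentication header" being
discussed takes the form of the later Authentication-Results header (RFC 8601,
which postdates this 2005 exchange): the first field names the server that
claims to have performed the check (its authserv-id), followed by
method=result clauses. The authserv-id mx.example.net and the inbound message
are constructed for the example. The policy is the one the message argues
for: a header arriving from outside that claims OUR authserv-id is forged
(case A) and is dropped at the border; a header from some other server is a
claim we cannot validate (case B, a bogus "fail" about a domain the sender
does not control) and is kept only for logging, never fed to filtering or
reputation; only the result our own MTA just recorded is acted on.

```python
OUR_AUTHSERV_ID = "mx.example.net"   # hypothetical authserv-id of our own MTA

# Constructed inbound message. Both Authentication-Results headers were
# already present when it reached us, i.e. neither one was written by us.
# The first forges our own authserv-id with a "pass" (case A); the second is
# a third party's "fail" about victim.example (case B).
INBOUND = """\
Received: from mail.attacker.example ([192.0.2.10]) by mx.example.net
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=victim.example
Authentication-Results: mail.attacker.example;
\tdkim=fail header.d=victim.example
From: someone@victim.example
To: user@example.net
Subject: hello

body
"""


def parse_headers(raw):
    """Split the header block into (name, value) pairs, unfolding continuation lines."""
    head = raw.split("\n\n", 1)[0]
    headers = []
    for line in head.splitlines():
        if line[:1] in (" ", "\t") and headers:          # folded continuation
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def parse_authres(value):
    """Return (authserv_id, {method: result}) for one Authentication-Results value.
    Property clauses after the method (smtp.mailfrom=..., header.d=...) are ignored."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    authserv_id = parts[0].split()[0].lower()          # drop an optional version number
    results = {}
    for clause in parts[1:]:
        token = clause.split()[0]                        # e.g. "spf=pass"
        if "=" in token:
            method, result = token.split("=", 1)
            results[method.lower()] = result.lower()
    return authserv_id, results


def sanitize_inbound(headers):
    """Border step: drop every Authentication-Results header that claims to be ours.
    It arrived from outside, so we did not write it; RFC 8601 requires a receiver
    to remove or ignore such headers. Foreign ones are kept untouched: they are
    claims, not checks we performed, and nothing below ever acts on them."""
    kept, forged = [], []
    for name, value in headers:
        if name.lower() == "authentication-results" and \
                parse_authres(value)[0] == OUR_AUTHSERV_ID:
            forged.append(value)
        else:
            kept.append((name, value))
    return kept, forged


def record_own_check(headers, results):
    """Prepend the result of the check WE performed. `results` is whatever our own
    SPF/DKIM verifier returned; running those checks is outside this example."""
    clauses = "; ".join(f"{m}={r}" for m, r in results.items())
    return [("Authentication-Results", f"{OUR_AUTHSERV_ID}; {clauses}")] + headers


def trusted_results(headers):
    """Only the topmost Authentication-Results header counts, and only if it carries
    our authserv-id: after sanitize_inbound() that can only be the one our MTA
    prepended. A foreign server's "pass" or "fail" never reaches the filter."""
    for name, value in headers:
        if name.lower() != "authentication-results":
            continue
        authserv_id, results = parse_authres(value)
        return results if authserv_id == OUR_AUTHSERV_ID else {}
    return {}


def foreign_claims(headers):
    """Everything other servers asserted, for logging only. Feeding these into a
    shared reputation store is exactly the poisoning vector of case B."""
    claims = []
    for name, value in headers:
        if name.lower() == "authentication-results":
            authserv_id, results = parse_authres(value)
            if authserv_id != OUR_AUTHSERV_ID:
                claims.append((authserv_id, results))
    return claims


if __name__ == "__main__":
    kept, forged = sanitize_inbound(parse_headers(INBOUND))
    print("dropped forged header(s):", forged)
    print("trusted before our own check:", trusted_results(kept))
    final = record_own_check(kept, {"spf": "fail"})   # result of OUR verifier
    print("trusted after our own check:", trusted_results(final))
    print("foreign claims (log only):", foreign_claims(final))
```

The order matters: strip headers that impersonate us first, then add our own,
then read only the topmost header. Reading "the first header that says
mx.example.net" without the stripping step is exactly what case A exploits.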
