
Re: [ietf-smtp] homework, not an experiment, draft-crocker-email-deliveredto

2021-08-02 21:25:29
On 2 Aug 2021, at 9:34 pm, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

> > In particular, it is not unreasonable for the LDA to record an encoded
> > HMAC of the recipient address in the localpart, thereby making more
> > difficult abuse of "Delivered-To:" to elicit bounces of the message to
> > the purported envelope sender (because it is then harder for the
> > attacker to predict the magic "Delivered-To:" value).
> 
> Huh, interesting point.  Do you know of any LDAs that actually do that?  If so
> we should add it to the description of the existing practice if we do a draft.

When I look at Postfix and qmail, they both appear to use the plaintext
locally rewritten recipient address, which may not make much sense to
software other than the MTA.

Some abuse of Delivered-To to trigger bounces has been reported now and
then, and the idea of obfuscated Delivered-To: had been discussed, but
has not yet been implemented.  The freedom to do that some day remains.

https://mailing.postfix.users.narkive.com/RMb6WBxb/delivered-to-message-header

-- 
        Viktor.
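
An illustration of the HMAC-tagged Delivered-To: idea quoted at the top of this message, added here as example code; it is not taken from Postfix, qmail or any other LDA mentioned in the thread. The `local+TAG@domain` layout, the case-folding canonicalization, the tag length and the key are assumptions of this example.

```python
import base64
import hashlib
import hmac

# Constructed secret for the example; a real LDA would load its key
# from configuration rather than hard-code it.
LDA_KEY = b"constructed-example-key-not-for-production"
TAG_BYTES = 15  # 120-bit truncated HMAC; 15 bytes base32-encode with no padding


def canonical(address: str) -> bytes:
    """Assumed canonicalization: trivial rewrites (case, whitespace) of the
    recipient must not change the tag, or loop detection would miss them."""
    return address.strip().lower().encode("utf-8")


def recipient_tag(address: str, key: bytes = LDA_KEY) -> str:
    """HMAC-SHA256 over the canonical recipient, truncated and base32-encoded
    so the result only contains characters that are safe in a localpart."""
    mac = hmac.new(key, canonical(address), hashlib.sha256).digest()
    return base64.b32encode(mac[:TAG_BYTES]).decode("ascii").lower()


def delivered_to(address: str, key: bytes = LDA_KEY) -> str:
    """Value the LDA would write into Delivered-To: (assumed layout
    local+TAG@domain). Without the key nobody can produce a matching tag."""
    local, _, domain = address.rpartition("@")
    return f"{local}+{recipient_tag(address, key)}@{domain}"


def is_genuine_delivered_to(header_value: str, address: str,
                            key: bytes = LDA_KEY) -> bool:
    """Loop check performed before bouncing: the header counts as evidence of
    an earlier delivery to `address` only if it carries the tag this LDA would
    compute itself. A plaintext or guessed Delivered-To: therefore does not
    trigger a bounce to the (possibly forged) envelope sender."""
    expected = delivered_to(address, key).lower().encode("utf-8")
    seen = header_value.strip().lower().encode("utf-8")
    # constant-time comparison so the tag is not leaked through timing
    return hmac.compare_digest(expected, seen)
```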

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
