Yes, I think that's pretty much the direction things would go.
But it's not just the ability of the receiving server, it's the
actual practice of the receiving server.
Also, I don't think this should be restated that way yet, because
we should not go too much into technical details (yet).
Regards, Martin.
At 13:07 04/02/01 -0500, Marc Alaia wrote:
Can this be restated as the ability of a receiving server to verify that the
parameters in the email (Originating email address, subject, message) are
authentic? Either by some form of public/private key or by the receiving
server communicating with the origin domain? I don't think that there is
any way for the receiving server to 'trust' the sending server to
validate....
Regards,
Marc
-----Original Message-----
From: Martin Duerst [mailto:duerst(_at_)w3(_dot_)org]
Sent: Sunday, February 01, 2004 12:01 PM
To: mail-ng(_at_)imc(_dot_)org
Subject: Forging of origin address
Ok, here is an attempt to try to follow Dave's suggestion and
word something in terms of user requirements:
I would like to have a system where nobody can create/send mail that
purports to come from me/my address but doesn't. Myself getting mail
that purports to be from me is one of the weirdest and most frightening
things that I have seen. And imagining others getting such mail
doesn't make things any better.
And this should of course be possible very easily, without me or the
recipient having to do anything special for each mail.
Sorry for being so egocentric, but of course by extension, I would
like to have a system where email from other people/addresses cannot
be faked. Getting mail purportedly from people you know but that
isn't from them is only slightly less frightening and weird than
getting yourself faked.
Regards, Martin.