Re: a few short notes

> Since any email system can connect to any other email system, if my email 
> system contacts your system to hand off a piece of email, how do you build 
> that chain of trust, since you don't know my system? You can authenticate 
> who I am, but that's not trust, that's just removing forgery capabilities 
> (sort of).
> If I try to hand you a message from Bill(_at_)microsoft(_dot_)com, SPF could tell you 
> whether to accept it if I claimed it was generated on my site, but what if 
> I claimed it was generated on microsoft's server and (acting as a man in 
> the middle) that it's being relayed through me? relays are necessary in 
> the corporate world, and so are backup MX systems, and neither are covered 
> by SPF.
Something like SPF would know that mail was to be relayed through you. If I 
send you a message, I KNOW who the message should be relayed through to get 
to your MX server. YOU KNOW who the message should be relayed through after 
it's got to the MX server I can see. (Or, if you don't, you can/should be 
able to find out).
So, you could set up something so that your server knows that a message 
from me has to come from a list of a few IP addresses (our mail server, or 
one of our ISP's mail servers). Our ISP can set up something so that they 
know a message from me has to come from our mail server, or one of their 
other mail servers.
A message couldn't be injected into our ISP's mail server except from one 
of their other servers or our server.
> What if I really am a gateway or fallback MX that legitimately got that mail?
If you (as the recipient) has a backup MX server, you'd trust it. It would 
do the same trust 'analysis' that your main server would do, and then you'd 
know to trust the analysis that the backup server has done.


Paul                            VPOP3 - Internet Email Server/Gateway
support(_at_)pscs(_dot_)co(_dot_)uk                     http://www.pscs.co.uk/