Matthew wrote:
1) domain.com uses a self generated private key to sign each
message that originates at one of its MTA. The signature might
This doesn't solve the problem of sending mail from random arbitrary
points on the Internet, since the mail might not emerge from one of these
trusted machines.
How about this variant: I write some mail and sign it, then send it. The
recipient looks at the key and sees that it was signed by 0x9DC0E77E.
Then it looks up the "verification server" for exploits.org, connects, and
asks if this PGP id is allowed to use this envelope sender.
Since I am a valid user of that sender address, it says yes, and the
recipient can use that data in making the decision to accept or reject
the mail.
Such a system would prevent most forging of user accounts, but it requires
a serious upgrade for the mail clients of most people. You'd have to get
into the habit of signing all of your mails. I for one don't go to that
extreme, as you can see here. However, if it meant the difference between
getting through and being ignored or dropped on the floor, I'd start
signing my outgoing messages.
Incidentally, the verification server should be able to fail a request
without saying why. Otherwise, the difference in responses for "invalid
key" versus "no such user" could be turned into an address verification
attack.
It would be nice if recipients cached this data for a short period to
reduce the load on the verification server. Maybe it's just me, but all
of these exim sender-verifier callbacks with no apparent caching are
becoming annoying.
Note: this doesn't address replay attacks. Someone could capture an
entire signed mail from me and spew it at other people forever. They
couldn't modify the contents, though. This doesn't seem like a big
problem, since you can spoof me and spew as much as you like right now.
None of this replaces SPF. It's just another option that could be used at
the same time.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡