On Tuesday 25 November 2003 2:16 am, Philip Gladstone wrote:
> * Now lookup %{u}.%{i}.spf.aol.com. Write some special code that says
> that anybody can send up to 100 messages per day per source IP address.
> Each IP address must not send more than 1000 messages per day anyway.
> Also, all users must be valid AOL users. When you respond with the
> record, give it a 10 second TTL. If the AOL user configures their
> account suitably (checks a checkbox), then give them a free ride.
If I understand correctly, if Joe Spammer knows the name of an AOL user that
sometimes uses non-AOL hosts, then Joe can send up to 100 spam mails a day?
And if Joe knows the names of 10 such users, he can send 1000 from a single
IP address. I suppose that's fairly restrictive... but I thought spammers are
using lots of trojaned zombies, and so have the use of lots of IP addresses...
I guess the zombies would be a problem anyway, and beyond the scope of SPF in
the end.
It would probably work fine as an antispam measure - due to the low volume of
joe-jobs that could be sent per IP it would not be a very desirable target
for spammers. As a message repudiation mechanism it is too weak, since for
the purposes of fraud, defamation etc it only takes a single fake message to
do a great deal of damage.
You have probably noticed by now that I enjoy thinking up alternatives so
here's a really oddball one:
I recently implemented DIGEST-MD5 authentication code on a server and it
occurs to me that it (DIGEST-MD5) is designed to be safe against snooping
even over an unencrypted channel - hence you could have an untrusted host
sitting in between the client and the trusted server without worrying about
the fact that the middleman can see everything.
If the DNS server were to act as the 'trusted server', handing out one-time
DIGEST-MD5 challenges in response to DNS lookups, and the mail-sending host
were to provide an SMTP AUTH response to that challenge, it may be possible
for the intermediary (the receiving MTA) to authenticate the sender without
compromising the shared secret. (the shared secret is an MD5 hash of
[username:password:realm] known only to the DNS server and the sending
client)
If my hunch is right, it means a system could be designed whereby the 'roaming
user' would be able to authenticate himself to any SMTP server in the world
without actually having to share out the passwords... still too costly for
bulk use (since the one-time challenges could not be cached) but a great
solution for low-volume roaming users.
I'm not a crypto expert - maybe it would require two DNS lookups, one to
obtain the challenge, another to check the validity of the response.
Anyone here a cryptanalyst?
- Dan
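Dan's sketch above, as an added worked example that is not part of the original message: a minimal RFC 2831 DIGEST-MD5 exchange in Python with the three roles he names (DNS server as verifier, roaming client, receiving MTA as relay), including the one-time handling of the challenge that is the reason it cannot be cached. Assumptions: the stored secret follows the RFC's MD5(username:realm:password) ordering, and the user "joe", realm "example.com", password and digest-uri are constructed sample values; the two DNS lookups are modelled as direct method calls.

```python
import hashlib
import hmac
import secrets

def digest_md5_response(secret, nonce, cnonce, nc, uri, qop="auth"):
    # RFC 2831 computation. 'secret' is the 16 raw bytes of
    # MD5(user:realm:password); it never leaves client or verifier.
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()

class DnsVerifier:
    """The 'trusted server': stores only the hashed secret, hands out one-time nonces."""
    def __init__(self):
        self.hashed = {}          # user -> MD5(user:realm:password)
        self.live_nonces = set()  # challenges issued but not yet consumed
    def enroll(self, user, realm, password):
        self.hashed[user] = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    def challenge(self):
        nonce = secrets.token_hex(16)
        self.live_nonces.add(nonce)
        return nonce
    def verify(self, user, nonce, cnonce, nc, uri, response):
        if nonce not in self.live_nonces or user not in self.hashed:
            return False                  # unknown, expired or already-consumed challenge
        self.live_nonces.discard(nonce)   # one-time: a replayed response fails
        expected = digest_md5_response(self.hashed[user], nonce, cnonce, nc, uri)
        return hmac.compare_digest(expected, response)

class RoamingClient:
    """The sending host: knows the password, never transmits it."""
    def __init__(self, user, realm, password):
        self.secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    def answer(self, nonce, uri):
        cnonce, nc = secrets.token_hex(8), "00000001"
        return cnonce, nc, digest_md5_response(self.secret, nonce, cnonce, nc, uri)

def run_exchange(password_used="correct horse"):
    """The receiving MTA's view: it relays nonce, cnonce and response and
    learns no secret. Returns (first_attempt_ok, replay_ok)."""
    dns = DnsVerifier()
    dns.enroll("joe", "example.com", "correct horse")   # constructed enrolment
    client = RoamingClient("joe", "example.com", password_used)
    uri = "smtp/mx.example.com"                         # constructed digest-uri
    nonce = dns.challenge()                             # MTA's first DNS lookup
    cnonce, nc, resp = client.answer(nonce, uri)        # arrives over SMTP AUTH
    first = dns.verify("joe", nonce, cnonce, nc, uri, resp)   # MTA's second lookup
    replay = dns.verify("joe", nonce, cnonce, nc, uri, resp)  # same response resent
    return first, replay
```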
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.6.txt