spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Maybe simple question

2003-12-12 06:43:46
from [Edward Ned Harvey] [Permanent Link] 
Oops, didn't mean to post that again.  sorry.



-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Edward 
Ned Harvey
Sent: Friday, December 12, 2003 8:41 AM
To: Spf-Discuss
Subject: [spf-discuss] Maybe simple question


Here's maybe a simple question --

When a receiver's mailserver receives a message, it then figures
out what IP
address the message came from, and makes sure that IP address is
in the list
of "permitted" IP addresses for this sender.

Here's my question --
How does the receiver's mailserver know what IP address the message came
from?  Just by looking in the message headers?  Message headers
are trivial
to spoof.  There has to be something better.

There are exactly two ways to have sender verification compatible
with smtp:

1- Base the verification on the *last* IP address of the *last* relay that
talks to the receiver.  Basically have a Certificate Authority or
something
like that that says "You have a message coming from 123.213.020.111?  You
can trust that guy.  It's real."

or

2- Encode something in the message that could only have been put there by
the real sender.  Perhaps a signature key.  Perhaps a Message ID that was
created by the sender's mailserver using a password.  Or some other idea.

How do you propose SPF should handle this problem?

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
To unsubscribe, change your address, or temporarily deactivate
your subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡



-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.3.txt
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Maybe simple question, Edward Ned Harvey
Next by Date:  RE: Maybe simple question, Edward Ned Harvey
Previous by Thread:  Maybe simple question, Edward Ned Harvey
Next by Thread:  Re: Maybe simple question, Rob Kaper
Indexes:  [Date] [Thread] [Top] [All Lists]